CVE-2022-48974

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel related to the netfilter conntrack module. The issue occurs when nf conntrack hash check insert() fails in nf ct ext valid pre/post(), causing NF CT STAT INC() to be called in a preemptible context, which can trigger a call trace. The patch fixes this by using NF CT STAT INC ATOMIC() for the nf ct ext valid pre/post() check in nf conntrack hash check insert() and nf ct ext valid post() in nf conntrack confirm(). The nf ct ext valid pre() check in nf conntrack confirm() is safe to use NF CT STAT INC() as it is under local bh disable().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.