CVE-2022-49856

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc3-syzkaller-00175-g1118b2049d77

Description A vulnerability has been resolved in the Linux kernel. The issue is related to the napi schedule prep() function, which must be called to ensure ownership of a napi before feeding packets to GRO and calling napi complete(). A recent patch exposed another issue in napi get frags() caught by syzbot. The vulnerability is related to the tun module and the napi complete done() function.

Recommendations To resolve the issue, update to a version of the Linux kernel that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.