CVE-2022-49872

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the net: gso module. The issue occurs when the gso size of a GRO packet is changed, and the frag list contains skbs with mixed head allocation types. This can lead to a panic in skb segment when the vmxnet3 driver is used. The problem arises because netdev alloc skb and napi alloc skb can return skbs that are either page-backed or kmalloced, depending on the requested size. As a result, the last small skb in the GRO packet can be kmalloced. The vulnerability can be exploited when the NETIF F SG flag is set, and the gso size is modified.

Recommendations To resolve the issue, apply the patch that implements the fix by walking the frag list in skb segment when determining whether NETIF F SG should be cleared. This fix is applied only for skbs with SKB GSO DODGY set and gso size changed, to limit the performance impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.