CVE-2022-49920

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel's netfilter: nf tables has been identified. The issue involves the netlink notifier, which could potentially race to release objects. This occurs because the commit release path, invoked via call rcu(), runs without locking to release objects after the rcu grace period. As a result, the netlink notifier handler might remove objects that the transaction context still references from the commit release path. To address this, rcu barrier() should be called to ensure that pending rcu callbacks run to completion if the list of transactions to be destroyed is not empty.

Recommendations For the Linux kernel, to resolve this issue, call rcu barrier() to ensure pending rcu callbacks run to completion if the list of transactions to be destroyed is not empty. As a temporary workaround, consider restricting access to the netlink notifier handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.