CVE-2022-49959

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the openvswitch component. The issue occurs when the ovs dp cmd new() function fails during datapath creation, causing a memory leak due to a missing kfree call for the dp->upcall portids array. This issue can be exploited, potentially leading to system instability or other security concerns. The estimated number of potentially affected devices worldwide is not available.

Recommendations To resolve this issue, apply the patch that adds the missing kfree call in the ovs dp set upcall portids() function. As a temporary workaround, consider disabling the ovs dp cmd new() function until a patch is available. Restrict access to the vulnerable openvswitch module to minimize the risk of exploitation. Avoid using the dp->upcall portids array in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.