CVE-2022-50043

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential refcount leak has been identified in the ndisc router discovery() function. The issue occurs when specific conditions are met, including a nonzero lifetime and a need for metric change. In such cases, the function may delete a route and set rt to NULL, then attempt to grab rt and neigh again. If successful, it overwrites neigh without decreasing the reference count of the previous neigh, potentially leading to memory leaks. The issue is resolved by decrementing the reference count of neigh in place.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.