CVE-2022-50780

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the nfqnl nf hook drop() function. This occurs when the ops init() interface fails during net initialization, leading to an invalid pointer in net->gen. Subsequently, invoking nfqnl nf hook drop() results in accessing this invalid memory location. The issue arises from data being released while the pointer in net->gen remains invalid, and is triggered when ops->init() fails after memory allocation. The call trace indicates the issue occurs during the setup net() process, potentially during namespace creation via the unshare system call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.