CVE-2022-49142

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b

Description A vulnerability has been identified in the Linux kernel, specifically in the skb unclone keeptruesize() function. The issue arises when the kernel fails to preserve the skb end offset() in skb unclone keeptruesize(), leading to a potential error in skb try coalesce(). This vulnerability was discovered by syzbot and is related to the kfence mechanism. The problem occurs when TCP shifts data after skb unclone keeptruesize() has been used, notably from tcp retrans try collapse(). To fix this issue, the skb unclone keeptruesize() function has been split into two parts: an inline function for the common case and an out-of-line function for the 'slow path'.

Recommendations For Linux kernel version 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b and earlier, update to a newer version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.