CVE-2022-49450

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A bug in the Linux kernel's AF RXRPC listen() handler allows the backlog to be set too high, causing an oops when the socket is closed. This happens because the preallocation circular buffers have 32 slots, but one slot must be a dead slot due to the use of CIRC CNT(). As a result, listen(rxrpc sock, 32) will cause a kernel NULL pointer dereference when the socket is closed. The issue is resolved by setting the maximum backlog to RXRPC BACKLOG MAX - 1 to match the ring capacity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.