PT-2025-8569 · Linux+5 · Linux Kernel+5

Syzbot · Published 2022-07-08 · Updated 2025-07-18 · CVE-2022-49636

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory leak has been identified in the Linux kernel, specifically in the vlan_newlink() function. It occurs when a memory allocation fails in vlan_changelink() after other allocations have succeeded, and the memory already allocated is not freed. The issue can be triggered by creating a VLAN interface with a large number of egress QoS mappings, such as:

    ip link add link dummy0 dummy0.100 type vlan id 100 egress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001

The memory leak can lead to unreferenced objects, as reported by syzbot.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
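The error path in the description above, as an added user-space model (not kernel code and not the upstream patch): a create routine calls a helper that allocates one mapping at a time, the helper fails partway, and the caller either returns without unwinding or frees the partial state. All names (model_newlink, model_changelink, model_alloc) and the choice to fail on the ninth allocation are assumptions for illustration; nine matches the number of mappings in the command above.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; every name here is illustrative, not kernel code. */
struct qos_map { unsigned from, to; struct qos_map *next; };
struct vlan_model { struct qos_map *egress; };
static int live_allocs;   /* allocations not yet freed */
static int alloc_calls;   /* allocation attempts so far */
static int fail_at = -1;  /* attempt number that fails; -1 = never */

static void *model_alloc(size_t n) {
    void *p = (++alloc_calls == fail_at) ? NULL : malloc(n);  /* injected failure */
    if (p) live_allocs++;
    return p;
}

static void model_free_maps(struct vlan_model *v) {
    while (v->egress) {
        struct qos_map *m = v->egress;
        v->egress = m->next;
        free(m);
        live_allocs--;
    }
}

/* Adds mappings one at a time; stops with -1 if an allocation fails. */
static int model_changelink(struct vlan_model *v, int nmaps) {
    for (int i = 0; i < nmaps; i++) {
        struct qos_map *m = model_alloc(sizeof(*m));
        if (!m) return -1;   /* earlier mappings remain linked on v */
        m->from = i; m->to = i + 1; m->next = v->egress; v->egress = m;
    }
    return 0;
}

/* Runs one create attempt; returns how many allocations were leaked. */
static int model_newlink(int nmaps, int fail_on, int unwind_on_error) {
    struct vlan_model v = { 0 };
    live_allocs = 0; alloc_calls = 0; fail_at = fail_on;
    int err = model_changelink(&v, nmaps);
    if (!err || unwind_on_error)
        model_free_maps(&v);   /* success teardown, or hardened error path */
    return live_allocs;
}

int main(void) {
    printf("no unwind:   %d leaked\n", model_newlink(9, 9, 0));
    printf("with unwind: %d leaked\n", model_newlink(9, 9, 1));
    return 0;
}
```

On a running system, leaks of this kind surface as "unreferenced object" entries in kmemleak output, which is the form of report the description attributes to syzbot.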

Exploit

Memory Leak


Weakness Enumeration

Related Identifiers

AZL-58356
BDU:2025-12488
CESA-2023_2951
CVE-2022-49636
RHSA-2023:2458
RHSA-2023:2951
RHSA-2023_2458
RHSA-2023_2951
USN-7585-1
USN-7585-2
USN-7585-3
USN-7585-4
USN-7585-5
USN-7585-6
USN-7585-7
USN-7591-1
USN-7591-2
USN-7591-3
USN-7591-4
USN-7591-5
USN-7591-6
USN-7592-1
USN-7593-1
USN-7597-1
USN-7597-2
USN-7598-1
USN-7602-1
USN-7655-1

Affected Products

Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
Ubuntu