CVE-2022-49690

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, where the tls sk proto close function is executed repeatedly due to an incorrect update of the ctx->sk proto to sock->sk prot by tls update(). This leads to a null pointer dereference bug, as indicated by the KASAN report. The issue occurs when closing a socket, triggering the tls sk proto close function, which in turn calls ctx->sk proto->close(), resulting in repeated execution of tls sk proto close. The problem arises from updating a protocol that is the same as sock->sk prot, which is incorrect.

Recommendations To resolve this issue, add a check for equality between the protocol and sock->sk prot at the beginning of the tls update() function to prevent incorrect updates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.