PT-2025-8624 · Linux+3 · Linux Kernel+3
Syzbot · Published 2022-06-20 · Updated 2025-02-27
CVE-2022-49691
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.19.0-rc2-syzkaller-00160-g274295c6e53f
Description
A vulnerability has been resolved in the Linux kernel. The issue is related to the erspan module, where it was assumed that the transport header is always set. This assumption has been removed, and tests have been rewritten in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not make this assumption. The vulnerability was reported by syzbot, which triggered a warning in the kernel.
Recommendations
For Linux kernel versions prior to 5.19.0-rc2-syzkaller-00160-g274295c6e53f, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the erspan module until a patch is available. Restrict access to the vulnerable ip6erspan_tunnel_xmit() and erspan_fb_xmit() functions to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.
Affected Products
Astra Linux
CentOS
Linux Kernel
Red Hat