CVE-2022-49672
net: tun: unlink NAPI from device on destruction
Vexday Risk Score
3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS: — | EPSS: 0.3% | KEV: no | PoC: — | Nuclei: — | Metasploit: — | Patch: —
Lifecycle
26 Feb 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
net: tun: unlink NAPI from device on destruction
Syzbot found a race between tun file and device destruction.
NAPIs live in struct tun_file which can get destroyed before
the netdev so we have to del them explicitly. The current
code is missing deleting the NAPI if the queue was detached
first.
Affected products
Linux · Linux
References
https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2db
https://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77c
https://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9
https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728
https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485d
https://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989