CVE-2022-49672
net: tun: unlink NAPI from device on destruction
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
26 feb 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
net: tun: unlink NAPI from device on destruction
Syzbot found a race between tun file and device destruction.
NAPIs live in struct tun_file which can get destroyed before
the netdev so we have to del them explicitly. The current
code is missing deleting the NAPI if the queue was detached
first.
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2dbhttps://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77chttps://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485dhttps://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989