vulnerability

Debian: CVE-2022-48794: linux -- security update

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:C)
Published
07/30/2024
Added
07/30/2024
Modified
02/20/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ieee802154: at86rf230: Stop leaking skb's

Upon error the ieee802154_xmit_complete() helper is not called. Only
ieee802154_wake_queue() is called manually. In the Tx case we then leak
the skb structure.

Free the skb structure upon error before returning when appropriate.

As the 'is_tx = 0' cannot be moved in the complete handler because of a
possible race between the delay in switching to STATE_RX_AACK_ON and a
new interrupt, we introduce an intermediate 'was_tx' boolean just for
this purpose.

There is no Fixes tag applying here, many changes have been made on this
area and the issue kind of always existed.

Solution

debian-upgrade-linux
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.