vulnerability
Ubuntu: (CVE-2022-49622): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Feb 26, 2025 | Jun 26, 2025 | Mar 27, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: avoid skb access on nf_stolen
When verdict is NF_STOLEN, the skb might have been freed.
When tracing is enabled, this can result in a use-after-free:
1. access to skb->nf_trace
2. access to skb->mark
3. computation of trace id
4. dump of packet payload
To avoid 1, keep a cached copy of skb->nf_trace in the
trace state struct.
Refresh this copy whenever verdict is != STOLEN.
Avoid 2 by skipping skb->mark access if verdict is STOLEN.
3 is avoided by precomputing the trace id.
Only dump the packet when verdict is not "STOLEN".
Solution
References
- CVE-2022-49622
- https://attackerkb.com/topics/CVE-2022-49622
- CWE-416
- EUVD-EUVD-2022-54610
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-54610
- https://git.kernel.org/linus/e34b9ed96ce3b06c79bf884009b16961ca478f87
- https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba
- https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87
- https://www.cve.org/CVERecord?id=CVE-2022-49622
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.