vulnerability

Ubuntu: (Multiple Advisories) (CVE-2022-49636): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Feb 26, 2025	Jun 20, 2025	Aug 18, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Feb 26, 2025

Added

Jun 20, 2025

Modified

Aug 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

vlan: fix memory leak in vlan_newlink()

Blamed commit added back a bug I fixed in commit 9bbd917e0bec
("vlan: fix memory leak in vlan_dev_set_egress_priority")

If a memory allocation fails in vlan_changelink() after other allocations
succeeded, we need to call vlan_dev_free_egress_priority()
to free all allocated memory because after a failed ->newlink()
we do not call any methods like ndo_uninit() or dev->priv_destructor().

In following example, if the allocation for last element 2000:2001 fails,
we need to free eight prior allocations:

ip link add link dummy0 dummy0.100 type vlan id 100 \
egress-qos-map 1:2 2:3 3:4 4:5 5:6 6:7 7:8 8:9 2000:2001

syzbot report was:

BUG: memory leak
unreferenced object 0xffff888117bd1060 (size 32):
comm "syz-executor408", pid 3759, jiffies 4294956555 (age 34.090s)
hex dump (first 32 bytes):
09 00 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff83fc60ad>] kmalloc include/linux/slab.h:600 [inline]
[<ffffffff83fc60ad>] vlan_dev_set_egress_priority+0xed/0x170 net/8021q/vlan_dev.c:193
[<ffffffff83fc6628>] vlan_changelink+0x178/0x1d0 net/8021q/vlan_netlink.c:128
[<ffffffff83fc67c8>] vlan_newlink+0x148/0x260 net/8021q/vlan_netlink.c:185
[<ffffffff838b1278>] rtnl_newlink_create net/core/rtnetlink.c:3363 [inline]
[<ffffffff838b1278>] __rtnl_newlink+0xa58/0xdc0 net/core/rtnetlink.c:3580
[<ffffffff838b1629>] rtnl_newlink+0x49/0x70 net/core/rtnetlink.c:3593
[<ffffffff838ac66c>] rtnetlink_rcv_msg+0x21c/0x5c0 net/core/rtnetlink.c:6089
[<ffffffff839f9c37>] netlink_rcv_skb+0x87/0x1d0 net/netlink/af_netlink.c:2501
[<ffffffff839f8da7>] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
[<ffffffff839f8da7>] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345
[<ffffffff839f9266>] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921
[<ffffffff8384dbf6>] sock_sendmsg_nosec net/socket.c:714 [inline]
[<ffffffff8384dbf6>] sock_sendmsg+0x56/0x80 net/socket.c:734
[<ffffffff8384e15c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2488
[<ffffffff838523cb>] ___sys_sendmsg+0x8b/0xd0 net/socket.c:2542
[<ffffffff838525b8>] __sys_sendmsg net/socket.c:2571 [inline]
[<ffffffff838525b8>] __do_sys_sendmsg net/socket.c:2580 [inline]
[<ffffffff838525b8>] __se_sys_sendmsg net/socket.c:2578 [inline]
[<ffffffff838525b8>] __x64_sys_sendmsg+0x78/0xf0 net/socket.c:2578
[<ffffffff845ad8d5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff845ad8d5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff8460006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

Solutions

ubuntu-upgrade-linux-image-5-15-0-1028-nvidia-tegra-igxubuntu-upgrade-linux-image-5-15-0-1028-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-5-15-0-1039-nvidia-tegraubuntu-upgrade-linux-image-5-15-0-1039-nvidia-tegra-rtubuntu-upgrade-linux-image-5-15-0-1050-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1068-gkeopubuntu-upgrade-linux-image-5-15-0-1078-ibmubuntu-upgrade-linux-image-5-15-0-1079-intel-iot-realtimeubuntu-upgrade-linux-image-5-15-0-1080-nvidiaubuntu-upgrade-linux-image-5-15-0-1080-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1080-raspiubuntu-upgrade-linux-image-5-15-0-1081-intel-iotgubuntu-upgrade-linux-image-5-15-0-1082-kvmubuntu-upgrade-linux-image-5-15-0-1083-gkeubuntu-upgrade-linux-image-5-15-0-1083-intel-iotgubuntu-upgrade-linux-image-5-15-0-1083-oracleubuntu-upgrade-linux-image-5-15-0-1085-gcpubuntu-upgrade-linux-image-5-15-0-1085-gcp-fipsubuntu-upgrade-linux-image-5-15-0-1086-awsubuntu-upgrade-linux-image-5-15-0-1086-aws-64kubuntu-upgrade-linux-image-5-15-0-1086-aws-fipsubuntu-upgrade-linux-image-5-15-0-1086-realtimeubuntu-upgrade-linux-image-5-15-0-1091-azureubuntu-upgrade-linux-image-5-15-0-1091-azure-fipsubuntu-upgrade-linux-image-5-15-0-142-fipsubuntu-upgrade-linux-image-5-15-0-142-genericubuntu-upgrade-linux-image-5-15-0-142-generic-64kubuntu-upgrade-linux-image-5-15-0-142-generic-lpaeubuntu-upgrade-linux-image-5-15-0-142-lowlatencyubuntu-upgrade-linux-image-5-15-0-142-lowlatency-64kubuntu-upgrade-linux-image-5-4-0-1065-xilinx-zynqmpubuntu-upgrade-linux-image-5-4-0-1093-ibmubuntu-upgrade-linux-image-5-4-0-1106-bluefieldubuntu-upgrade-linux-image-5-4-0-1121-fipsubuntu-upgrade-linux-image-5-4-0-1130-raspiubuntu-upgrade-linux-image-5-4-0-1134-kvmubuntu-upgrade-linux-image-5-4-0-1145-oracleubuntu-upgrade-linux-image-5-4-0-1147-awsubuntu-upgrade-linux-image-5-4-0-1147-aws-fipsubuntu-upgrade-linux-image-5-4-0-1150-gcpubuntu-upgrade-linux-image-5-4-0-1150-gcp-fipsubuntu-upgrade-linux-image-5-4-0-1152-azureubuntu-upgrade-linux-image-5-4-0-1153-azure-fipsubuntu-upgrade-linux-image-5-4-0-218-genericubuntu-upgrade-linux-image-5-4-0-218-generic-lpaeubuntu-upgrade-linux-image-5-4-0-218-lowlatencyubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-64k-lts-22-04ubuntu-upgrade-linux-image-aws-fipsubuntu-upgrade-linux-image-aws-lts-20-04ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fipsubuntu-upgrade-linux-image-azure-lts-20-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-bluefieldubuntu-upgrade-linux-image-fipsubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-fipsubuntu-upgrade-linux-image-gcp-lts-20-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-lts-20-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iot-realtimeubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-intel-iotg-5-15ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-tegraubuntu-upgrade-linux-image-nvidia-tegra-igxubuntu-upgrade-linux-image-nvidia-tegra-igx-rtubuntu-upgrade-linux-image-nvidia-tegra-rtubuntu-upgrade-linux-image-oemubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-osp1ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-lts-20-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-hwe-18-04ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi2ubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-18-04ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-xilinx-zynqmp

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today