Bug 1223476 (CVE-2022-48641)

Summary:	VUL-0: CVE-2022-48641: kernel: netfilter: ebtables: fix memory leak when blob is malformed
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Kernel Bugs <kernel-bugs>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	rfrohl
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/403398/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-04-29 09:02:34 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ebtables: fix memory leak when blob is malformed

The bug fix was incomplete, it "replaced" crash with a memory leak.
The old code had an assignment to "ret" embedded into the conditional,
restore this.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48641
https://www.cve.org/CVERecord?id=CVE-2022-48641
https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab
https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e
https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33
https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9
https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1
https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f
https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2022/CVE-2022-48641.mbox

Comment 1 Robert Frohl 2024-04-29 09:03:16 UTC

does not affect any SUSE/openSUSE kernels, closing