Bugzilla – Bug 1199939
VUL-0: CVE-2022-1678: kernel-source-rt,kernel-source,kernel-source-azure: improper socket reference counting in TCP pacing leads to memory leak
Last modified: 2022-05-27 12:27:35 UTC
An issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper
update of sock reference in TCP pacing can lead to memory/netns leak, which can
be used by remote clients.
From the commit message:
> In linux-4.20, TCP stack adopted EDT (Earliest Departure
> Time) model and this issue was incidentally fixed.
From what I can see, the EDT patchset was backported to all of our branches, so we should not be affected.
Right, our 4.12-based or older kernels don't contain the buggy patch (73a6bab5aa2a), hence unaffected, while 5.3-based or newer kernels already contain the fix.
Reassigned back to security team.