Bug 1199939 - (CVE-2022-1678) VUL-0: CVE-2022-1678: kernel-source-rt,kernel-source,kernel-source-azure: improper socket reference counting in TCP pacing leads to memory leak
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/332942/
CVSSv3.1:SUSE:CVE-2022-1678:5.9:(AV:N...
Reported: 2022-05-26 10:06 UTC by Carlos López
Modified: 2022-05-27 12:27 UTC

Found By: Security Response Team


Comment 1 Carlos López 2022-05-26 10:10:39 UTC
From the commit message [0]:

> In linux-4.20, TCP stack adopted EDT (Earliest Departure
> Time) model and this issue was incidentally fixed.

From what I can see, the EDT patchset [1] was backported to all of our branches, so we should not be affected. 

[0] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a70f118475e037732557796accd0878a00fc25a
[1] https://lwn.net/ml/netdev/20180921155154.49489-1-edumazet@google.com/
Comment 2 Takashi Iwai 2022-05-27 12:25:23 UTC
Right, our 4.12-based or older kernels don't contain the buggy patch (73a6bab5aa2a), hence unaffected, while 5.3-based or newer kernels already contain the fix.

Reassigned back to security team.
Comment 3 Carlos López 2022-05-27 12:27:35 UTC
Closing.