cve-2022-49664
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 12:45
Severity ?
Summary
tipc: move bc link creation back to tipc_node_create
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6fPatch
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/node.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "456bc338871c4a52117dd5ef29cce3745456d248",
              "status": "affected",
              "version": "4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4",
              "versionType": "git"
            },
            {
              "lessThan": "35fcb2ba35b4d9b592b558c3bcc6e0d90e213588",
              "status": "affected",
              "version": "4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4",
              "versionType": "git"
            },
            {
              "lessThan": "e52910e671f58c619e33dac476b11b35e2d3ab6f",
              "status": "affected",
              "version": "4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4",
              "versionType": "git"
            },
            {
              "lessThan": "cb8092d70a6f5f01ec1490fce4d35efed3ed996c",
              "status": "affected",
              "version": "4cbf8ac2fe5a0846508fe02b95a5de1a90fa73f4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0b8f0026bbd4df1688e1726026476e60762daf2a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/node.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.129",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.53",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.10",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.287",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: move bc link creation back to tipc_node_create\n\nShuang Li reported a NULL pointer dereference crash:\n\n  [] BUG: kernel NULL pointer dereference, address: 0000000000000068\n  [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc]\n  [] Call Trace:\n  []  \u003cIRQ\u003e\n  []  tipc_bcast_rcv+0xa2/0x190 [tipc]\n  []  tipc_node_bc_rcv+0x8b/0x200 [tipc]\n  []  tipc_rcv+0x3af/0x5b0 [tipc]\n  []  tipc_udp_recv+0xc7/0x1e0 [tipc]\n\nIt was caused by the \u0027l\u0027 passed into tipc_bcast_rcv() is NULL. When it\ncreates a node in tipc_node_check_dest(), after inserting the new node\ninto hashtable in tipc_node_create(), it creates the bc link. However,\nthere is a gap between this insert and bc link creation, a bc packet\nmay come in and get the node from the hashtable then try to dereference\nits bc link, which is NULL.\n\nThis patch is to fix it by moving the bc link creation before inserting\ninto the hashtable.\n\nNote that for a preliminary node becoming \"real\", the bc link creation\nshould also be called before it\u0027s rehashed, as we don\u0027t create it for\npreliminary nodes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:45:05.097Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248"
        },
        {
          "url": "https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588"
        },
        {
          "url": "https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996c"
        }
      ],
      "title": "tipc: move bc link creation back to tipc_node_create",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49664",
    "datePublished": "2025-02-26T02:23:59.792Z",
    "dateReserved": "2025-02-26T02:21:30.435Z",
    "dateUpdated": "2025-05-04T12:45:05.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49664\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:41.420\",\"lastModified\":\"2025-03-11T22:25:53.450\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: move bc link creation back to tipc_node_create\\n\\nShuang Li reported a NULL pointer dereference crash:\\n\\n  [] BUG: kernel NULL pointer dereference, address: 0000000000000068\\n  [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc]\\n  [] Call Trace:\\n  []  \u003cIRQ\u003e\\n  []  tipc_bcast_rcv+0xa2/0x190 [tipc]\\n  []  tipc_node_bc_rcv+0x8b/0x200 [tipc]\\n  []  tipc_rcv+0x3af/0x5b0 [tipc]\\n  []  tipc_udp_recv+0xc7/0x1e0 [tipc]\\n\\nIt was caused by the \u0027l\u0027 passed into tipc_bcast_rcv() is NULL. When it\\ncreates a node in tipc_node_check_dest(), after inserting the new node\\ninto hashtable in tipc_node_create(), it creates the bc link. However,\\nthere is a gap between this insert and bc link creation, a bc packet\\nmay come in and get the node from the hashtable then try to dereference\\nits bc link, which is NULL.\\n\\nThis patch is to fix it by moving the bc link creation before inserting\\ninto the hashtable.\\n\\nNote that for a preliminary node becoming \\\"real\\\", the bc link creation\\nshould also be called before it\u0027s rehashed, as we don\u0027t create it for\\npreliminary nodes.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: mover la creaci\u00f3n del enlace bc de nuevo a tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL pointer dereference, address: 0000000000000068 [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc] [] Call Trace: []  [] tipc_bcast_rcv+0xa2/0x190 [tipc] [] tipc_node_bc_rcv+0x8b/0x200 [tipc] [] tipc_rcv+0x3af/0x5b0 [tipc] [] tipc_udp_recv+0xc7/0x1e0 [tipc] It was caused by the \u0027l\u0027 passed into tipc_bcast_rcv() is NULL. Cuando crea un nodo en tipc_node_check_dest(), despu\u00e9s de insertar el nuevo nodo en la tabla hash en tipc_node_create(), crea el enlace bc. Sin embargo, hay una brecha entre esta inserci\u00f3n y la creaci\u00f3n del enlace bc, un paquete bc puede llegar y obtener el nodo de la tabla hash y luego intentar desreferenciar su enlace bc, que es NULL. Este parche es para solucionarlo moviendo la creaci\u00f3n del enlace bc antes de insertarlo en la tabla hash. Tenga en cuenta que para que un nodo preliminar se vuelva \\\"real\\\", la creaci\u00f3n del enlace bc tambi\u00e9n debe llamarse antes de que se vuelva a crear, ya que no lo creamos para los nodos preliminares.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.287\",\"versionEndExcluding\":\"5.10.129\",\"matchCriteriaId\":\"2CED68CD-DF2D-4A28-BAB6-F04A71D588FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.53\",\"matchCriteriaId\":\"70DCF327-F4B6-4CDB-8C9E-98E909E60127\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.18.10\",\"matchCriteriaId\":\"8261A22B-B156-4045-AE8E-AA9E95E7930C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C30C2D-F82D-4D37-AB48-D76ABFBD5377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8547FC-C849-4F1B-804B-A93AE2F04A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3068028-F453-4A1C-B80F-3F5609ACEF60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9C0DB0-D349-489F-A3D6-B77214E93A8A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/35fcb2ba35b4d9b592b558c3bcc6e0d90e213588\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/456bc338871c4a52117dd5ef29cce3745456d248\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cb8092d70a6f5f01ec1490fce4d35efed3ed996c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e52910e671f58c619e33dac476b11b35e2d3ab6f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.