Vulnerabilities > CVE-2022-49919 - Use After Free vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UAF triggered by races with the netlink notifier.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/26b5934ff4194e13196bedcba373cd4915071d0e
- https://git.kernel.org/stable/c/4ab6f96444e936f5e4a936d5c0bc948144bcded3
- https://git.kernel.org/stable/c/6044791b7be707fd0e709f26e961a446424e5051
- https://git.kernel.org/stable/c/74fd5839467054cd9c4d050614d3ee8788386171
- https://git.kernel.org/stable/c/b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e