CVE-2022-49153 Information

Description

In the Linux kernel the following vulnerability has been resolved:

wireguard: socket: free skb in send6 when ipv6 is disabled

I got a memory leak report:

unreferenced object 0xffff8881191fc040 (size 232):
  comm "kworker/u17:0" pid 23193 jiffies 4295238848 (age 3464.870s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [] slab_post_alloc_hook+0x84/0x3b0
    [] kmem_cache_alloc_node+0x167/0x340
    [] __alloc_skb+0x1db/0x200
    [] wg_socket_send_buffer_to_peer+0x3d/0xc0
    [] wg_packet_send_handshake_initiation+0xfa/0x110
    [] wg_packet_handshake_send_worker+0x21/0x30
    [] process_one_work+0x2e8/0x770
    [] worker_thread+0x4a/0x4b0
    [] kthread+0x120/0x160
    [] ret_from_fork+0x1f/0x30

In function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_buffer_to_peer(), the semantics of send6() is required to free skb. But when CONFIG_IPV6 is disabled, kfree_skb() is missing. This patch adds it to fix this bug.
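The ownership rule described above, as an added user-space illustration (not the kernel patch and not code from this page): a caller hands each buffer to a send6-style function that returns an error because IPv6 is unavailable, once without and once with the free on that path. The names `model_skb`, `model_alloc_skb`, `model_kfree_skb`, `send6_stub_before`, `send6_stub_after`, `leaked_after_sends` and the 8-slot pool are assumptions made for the example.

```c
/* User-space model of the skb ownership rule; not kernel code. Names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define POOL_SIZE 8	/* constructed bound standing in for finite memory */
static struct model_skb { int in_use; } pool[POOL_SIZE];

static struct model_skb *model_alloc_skb(void)
{
	for (int i = 0; i < POOL_SIZE; i++)
		if (!pool[i].in_use) {
			pool[i].in_use = 1;
			return &pool[i];
		}
	return NULL;	/* pool exhausted */
}

static void model_kfree_skb(struct model_skb *skb)
{
	if (skb)
		skb->in_use = 0;
}

/* IPv6-disabled stub before the fix: returns without releasing skb. */
static int send6_stub_before(struct model_skb *skb) { (void)skb; return -EAFNOSUPPORT; }
/* IPv6-disabled stub after the fix: consumes skb on the error path too. */
static int send6_stub_after(struct model_skb *skb) { model_kfree_skb(skb); return -EAFNOSUPPORT; }

/* Caller hands ownership to send6 and never frees; returns buffers still held. */
static int leaked_after_sends(int (*send6)(struct model_skb *), int attempts)
{
	int held = 0;

	memset(pool, 0, sizeof(pool));	/* start from an empty pool */
	for (int i = 0; i < attempts; i++) {
		struct model_skb *skb = model_alloc_skb();
		if (!skb)
			break;	/* the leak has exhausted the pool */
		send6(skb);
	}
	for (int i = 0; i < POOL_SIZE; i++)
		held += pool[i].in_use;
	return held;
}

int main(void)
{
	printf("held before fix: %d\n", leaked_after_sends(send6_stub_before, 5));
	printf("held after fix:  %d\n", leaked_after_sends(send6_stub_after, 5));
	return 0;
}
```

With the unfixed stub every send attempt leaves one buffer held until the pool is empty; with the fixed stub the count stays at zero however many attempts are made.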

Reference

https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837
https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726
https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258
https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf
https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1
