high
7.8
CWE
416
Advisory Published
Updated

CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()

First published: Thu Jun 20 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=3.14<4.9.300
Linux Kernel>=4.10<4.14.265
Linux Kernel>=4.15<4.19.228
Linux Kernel>=4.20<5.4.177
Linux Kernel>=5.5<5.10.97
Linux Kernel>=5.11<5.15.20
Linux Kernel>=5.16<5.16.6

Remedy

https://git.kernel.org/stable/c/2cf180360d66bd657e606c1217e0e668e6faa303

Remedy

https://git.kernel.org/stable/c/36a9a0aee881940476b254e0352581401b23f210

Remedy

https://git.kernel.org/stable/c/3bbe2019dd12b8d13671ee6cda055d49637b4c39

Remedy

https://git.kernel.org/stable/c/7d9211678c0f0624f74cdff36117ab8316697bb8

Remedy

https://git.kernel.org/stable/c/a01e60a1ec6bef9be471fb7182a33c6d6f124e93

Remedy

https://git.kernel.org/stable/c/bd43771ee9759dd9dfae946bff190e2c5a120de5

Remedy

https://git.kernel.org/stable/c/c6f6f2444bdbe0079e41914a35081530d0409963

Remedy

https://git.kernel.org/stable/c/def5e7070079b2a214b3b1a2fbec623e6fbfe34a

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-48742?

    CVE-2022-48742 has not been assigned a specific severity score yet.

  • How do I fix CVE-2022-48742?

    To mitigate CVE-2022-48742, update the Linux kernel to a version above the affected ranges.

  • Which versions of the Linux kernel are affected by CVE-2022-48742?

    CVE-2022-48742 affects Linux kernel versions between 3.14 and 4.9.300, 4.10 and 4.14.265, 4.15 and 4.19.228, 4.20 and 5.4.177, 5.5 and 5.10.97, 5.11 and 5.15.20, and 5.16 and 5.16.6.

  • What component of the Linux kernel does CVE-2022-48742 impact?

    CVE-2022-48742 impacts the rtnetlink component of the Linux kernel.

  • Is CVE-2022-48742 a use-after-free vulnerability?

    Yes, CVE-2022-48742 has the potential to trigger a use-after-free condition.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203