{"id":"AZL-59013","summary":"CVE-2022-49622 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: avoid skb access on nf_stolen\n\nWhen verdict is NF_STOLEN, the skb might have been freed.\n\nWhen tracing is enabled, this can result in a use-after-free:\n1. access to skb-\u003enf_trace\n2. access to skb-\u003emark\n3. computation of trace id\n4. dump of packet payload\n\nTo avoid 1, keep a cached copy of skb-\u003enf_trace in the\ntrace state struct.\nRefresh this copy whenever verdict is != STOLEN.\n\nAvoid 2 by skipping skb-\u003emark access if verdict is STOLEN.\n\n3 is avoided by precomputing the trace id.\n\nOnly dump the packet when verdict is not \"STOLEN\".","modified":"2026-04-21T04:37:11.396259Z","published":"2025-02-26T07:01:37Z","upstream":["CVE-2022-49622"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49622"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59013.json"}}],"schema_version":"1.7.5"}