{"id":"CVE-2022-49622","summary":"netfilter: nf_tables: avoid skb access on nf_stolen","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: avoid skb access on nf_stolen\n\nWhen verdict is NF_STOLEN, the skb might have been freed.\n\nWhen tracing is enabled, this can result in a use-after-free:\n1. access to skb-\u003enf_trace\n2. access to skb-\u003emark\n3. computation of trace id\n4. dump of packet payload\n\nTo avoid 1, keep a cached copy of skb-\u003enf_trace in the\ntrace state struct.\nRefresh this copy whenever verdict is != STOLEN.\n\nAvoid 2 by skipping skb-\u003emark access if verdict is STOLEN.\n\n3 is avoided by precomputing the trace id.\n\nOnly dump the packet when verdict is not \"STOLEN\".","modified":"2026-04-02T08:27:46.189424Z","published":"2025-02-26T02:23:39.341Z","related":["SUSE-SU-2025:02334-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49622.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49622.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49622"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5efa0fc6d7f7930b18801f07cefae8eeacd6ac02"},{"fixed":"0016d5d46d7440729a3132f61a8da3bf7f84e2ba"},{"fixed":"e34b9ed96ce3b06c79bf884009b16961ca478f87"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49622.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}