In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-0:4.18.0-425.3.1.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:7683 2022-11-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-162.6.1.el9_1 cpe:/a:redhat:enterprise_linux:9 RHSA-2022:8267 2022-11-15T00:00:00Z
kernel-0:5.14.0-162.6.1.el9_1 cpe:/o:redhat:enterprise_linux:9 RHSA-2022:8267 2022-11-15T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/01989d7eebb61c99bd4b88ebc8e261bd2f02caed cve-icon cve-icon
https://git.kernel.org/stable/c/04e4a11dc723c52db7a36dc58f0d69ce6426f8f0 cve-icon cve-icon
https://git.kernel.org/stable/c/04f9e9104c969d8ce10a4a43634f641ed082092d cve-icon cve-icon
https://git.kernel.org/stable/c/56b14ecec97f39118bf85c9ac2438c5a949509ed cve-icon cve-icon
https://git.kernel.org/stable/c/91a36ec160ec1a0c8f5352b772dffcbb0b6023e3 cve-icon cve-icon
https://git.kernel.org/stable/c/92a999d1963eed0df666284e20055136ceabd12f cve-icon cve-icon
https://git.kernel.org/stable/c/b16bb373988da3ceb0308381634117e18b6ec60d cve-icon cve-icon
https://git.kernel.org/stable/c/e97222b785e70e8973281666d709baad6523d8af cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022617-CVE-2022-49561-3e6a@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49561 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49561 cve-icon
History

Sat, 07 Jun 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Fri, 28 Feb 2025 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 26 Feb 2025 02:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger.
Title netfilter: conntrack: re-fetch conntrack after insertion
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T08:40:35.483Z

Reserved: 2025-02-26T02:08:31.591Z

Link: CVE-2022-49561

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-02-26T07:01:31.877

Modified: 2025-02-26T07:01:31.877

Link: CVE-2022-49561

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49561 - Bugzilla