{"id":"CVE-2022-49017","summary":"tipc: re-fetch skb cb after tipc_msg_validate","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: re-fetch skb cb after tipc_msg_validate\n\nAs the call trace shows, the original skb was freed in tipc_msg_validate(),\nand dereferencing the old skb cb would cause an use-after-free crash.\n\n  BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n  Call Trace:\n   \u003cIRQ\u003e\n   tipc_crypto_rcv_complete+0x1835/0x2240 [tipc]\n   tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n   tipc_rcv+0x744/0x1150 [tipc]\n  ...\n  Allocated by task 47078:\n   kmem_cache_alloc_node+0x158/0x4d0\n   __alloc_skb+0x1c1/0x270\n   tipc_buf_acquire+0x1e/0xe0 [tipc]\n   tipc_msg_create+0x33/0x1c0 [tipc]\n   tipc_link_build_proto_msg+0x38a/0x2100 [tipc]\n   tipc_link_timeout+0x8b8/0xef0 [tipc]\n   tipc_node_timeout+0x2a1/0x960 [tipc]\n   call_timer_fn+0x2d/0x1c0\n  ...\n  Freed by task 47078:\n   tipc_msg_validate+0x7b/0x440 [tipc]\n   tipc_crypto_rcv_complete+0x4b5/0x2240 [tipc]\n   tipc_crypto_rcv+0xd32/0x1ec0 [tipc]\n   tipc_rcv+0x744/0x1150 [tipc]\n\nThis patch fixes it by re-fetching the skb cb from the new allocated skb\nafter calling tipc_msg_validate().","modified":"2026-03-20T12:22:06.084874Z","published":"2024-10-21T20:06:25.971Z","related":["SUSE-SU-2024:3983-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:4364-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49017.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1daec0815655e110c6f206c5e777a4af8168ff58"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3067bc61fcfe3081bf4807ce65560f499e895e77"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a1ba595e35aa3afbe417ff0af353afb9f65559c0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e128190adb2edfd5042105b5d1ed4553f295f5ef"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49017.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49017"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0"},{"fixed":"a1ba595e35aa3afbe417ff0af353afb9f65559c0"},{"fixed":"1daec0815655e110c6f206c5e777a4af8168ff58"},{"fixed":"e128190adb2edfd5042105b5d1ed4553f295f5ef"},{"fixed":"3067bc61fcfe3081bf4807ce65560f499e895e77"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49017.json"}}],"schema_version":"1.7.5"}