CVE-2022-48639

net: sched: fix possible refcount leak in tc_new_tfilter()

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix possible refcount leak in tc_new_tfilter() tfilter_put need to be called to put the refount got by tp->ops->get to avoid possible refcount leak when chain->tmplt_ops != NULL and chain->tmplt_ops != tp->ops.

5.5

CVSS

Severity: Medium

CVSS 3.1 •

EPSS 0.06%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/903f7d322c17d8e306d766404b4604e81653902a	patch
https://git.kernel.org/stable/c/8844c750eeb03452e2b3319c27a526f447b82596	patch
https://git.kernel.org/stable/c/f8162aed962be8fa07445b2b5928e84ab40dd8d7	patch
https://git.kernel.org/stable/c/0559d91ee3a2cd81b15ad5cd507539d6da867f88	patch
https://git.kernel.org/stable/c/c2e1cfefcac35e0eea229e148c8284088ce437b5	patch

Frequently Asked Questions

What is the severity of CVE-2022-48639?: CVE-2022-48639 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48639?: To fix CVE-2022-48639, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48639 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-48639 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48639?: CVE-2022-48639 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.