CVE-2022-48641

netfilter: ebtables: fix memory leak when blob is malformed

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1 patch
https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e patch
https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab patch
https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee patch
https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f patch
https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33 patch
https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9 patch

Frequently Asked Questions

What is the severity of CVE-2022-48641?
CVE-2022-48641 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48641?
To fix CVE-2022-48641, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48641 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48641 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48641?
CVE-2022-48641 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.