CVE-2022-49672

net: tun: unlink NAPI from device on destruction

Description

In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct tun_file which can get destroyed before the netdev so we have to del them explicitly. The current code is missing deleting the NAPI if the queue was detached first.

N/A
CVSS
Severity:
EPSS 0.10%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9
https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485d
https://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989
https://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77c
https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728
https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2db

Frequently Asked Questions

What is the severity of CVE-2022-49672?
CVE-2022-49672 has not yet been assigned a CVSS score.
How to fix CVE-2022-49672?
To fix CVE-2022-49672, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49672 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49672 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49672?
CVE-2022-49672 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.