CVE-2022-48643

Published: Apr 28, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter at nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter: nf_tables: do not leave chain stats enabled on error") missed that nf_tables_chain_destroy() after nft_basechain_init() in the error path of nf_tables_addchain() decrements the counter because nft_basechain_init() makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag. Increment the counter immediately after returning from nft_basechain_init().

Vendor	Product	Versions
Linux	Linux	affected `c907dfe4eaca9665694a0340de1458a093abe354 - < 710e3f526bd23a0d33435dedc52c3144de284378` affected `6d7ddee503951641f3ec6f0e3269446970bbcdab - < 91aa52652f4b37089aff3cb53e83049d826fef6d` affected `98a621ef45e3605c7487f7fa6fec7df94697d6a2 - < 8bcad2a931313aeba076b76922d5813ef97d0a91` affected `43eb8949cfdffa764b92bc6c54b87cbe5b0003fe - < 921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd`
Linux	Linux	affected `5.10.140 - < 5.10.146` affected `5.15.64 - < 5.15.71` affected `5.19.6 - < 5.19.12`

References

https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378

https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d

https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91

https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48643

Description

Affected Products

References