CVE-2022-49558
Published: Feb 26, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path which unregisters the hooks, then the NETDEV_UNREGISTER event is triggered which unregisters the hooks again. [ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270 [...] [ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0-rc7+ #27 [ 565.253682] Workqueue: netns cleanup_net [ 565.257059] RIP: 0010:__nf_unregister_net_hook+0x247/0x270 [...] [ 565.297120] Call Trace: [ 565.300900] <TASK> [ 565.304683] nf_tables_flowtable_event+0x16a/0x220 [nf_tables] [ 565.308518] raw_notifier_call_chain+0x63/0x80 [ 565.312386] unregister_netdevice_many+0x54f/0xb50 Unregister and destroy netdev hook from netns pre_exit via kfree_rcu so the NETDEV_UNREGISTER path see unregistered hooks.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected b110391d1e806167254d3c7ae5d637191d913175 - < b09e6ccf0d12f9356e8e3508d3e3dce126298538affected 0a0e5d47670b753d3dbf88f3c77a97a30864d9bd - < 3fac8ce48fa9fd61ee9056d3ed48b2edefca8b82affected 767d1216bff82507c945e92fe719dff2083bb2f4 - < 9c413a8c8bb49cc16796371805ecb260e885bb2baffected 767d1216bff82507c945e92fe719dff2083bb2f4 - < a3940dcf552f2393d1e8f263b386593f98abe829affected 767d1216bff82507c945e92fe719dff2083bb2f4 - < 86c0154f4c3a56c5db8b9dd09e3ce885382c2c19+3 more versions |
Linux | Linux | affected 5.11unaffected 0 - < 5.11unaffected 5.4.262 - <= 5.4.*unaffected 5.10.198 - <= 5.10.*unaffected 5.15.45 - <= 5.15.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now