#VU104730 Double free in Linux kernel - CVE-2022-49339
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104730
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49339
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the seg6_hmac_init() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/1084716f76c8045eadf92a9d9a62641f3c8d8c90
- https://git.kernel.org/stable/c/317260b3eb6384a05a8af212308fa50f3b2e8290
- https://git.kernel.org/stable/c/3e6de5037148c5a93a436b1e8d2edad3dac11755
- https://git.kernel.org/stable/c/5801f064e35181c71857a80ff18af4dbec3c5f5c
- https://git.kernel.org/stable/c/5d9c1b081ad28c852a97e10dd75412546497694a
- https://git.kernel.org/stable/c/64aef8efe96c1616142c4476a05731306fc4494e
- https://git.kernel.org/stable/c/9ba4416b831eeb4d185e88e73488d1d21288e63a
- https://git.kernel.org/stable/c/ab8b2c2de273ec1d698a18e399896a6febb5cda0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.247