CVE-2022-49085

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/0489700bfeb1e53eb2039c2291c67e71b0b40103", "name": "https://git.kernel.org/stable/c/0489700bfeb1e53eb2039c2291c67e71b0b40103", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/188fe6b26765edbad4055611c0f788b6870f4024", "name": "https://git.kernel.org/stable/c/188fe6b26765edbad4055611c0f788b6870f4024", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/226e993c39405292781bfcf4b039a8db56aab362", "name": "https://git.kernel.org/stable/c/226e993c39405292781bfcf4b039a8db56aab362", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/594205b4936771a250f9d141e7e0fff21c3dd2d9", "name": "https://git.kernel.org/stable/c/594205b4936771a250f9d141e7e0fff21c3dd2d9", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/a972c768723359ec995579902473028fe3cd64b1", "name": "https://git.kernel.org/stable/c/a972c768723359ec995579902473028fe3cd64b1", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/aadb22ba2f656581b2f733deb3a467c48cc618f6", "name": "https://git.kernel.org/stable/c/aadb22ba2f656581b2f733deb3a467c48cc618f6", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/b6a4055036eed1f5e239ce3d8b0db1ce38bba447", "name": "https://git.kernel.org/stable/c/b6a4055036eed1f5e239ce3d8b0db1ce38bba447", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/dcf6be17b5c53b741898d2223b23e66d682de300", "name": "https://git.kernel.org/stable/c/dcf6be17b5c53b741898d2223b23e66d682de300", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/de63e74da2333b4068bb79983e632db730fea97e", "name": "https://git.kernel.org/stable/c/de63e74da2333b4068bb79983e632db730fea97e", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: Fix five use after free bugs in get_initial_state\n\nIn get_initial_state, it calls notify_initial_state_done(skb,..) if\ncb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),\nthe skb will be freed by nlmsg_free(skb).\nThen get_initial_state will goto out and the freed skb will be used by\nreturn value skb->len, which is a uaf bug.\n\nWhat's worse, the same problem goes even further: skb can also be\nfreed in the notify_*_state_change -> notify_*_state calls below.\nThus 4 additional uaf bugs happened.\n\nMy patch lets the problem callee functions: notify_initial_state_done\nand notify_*_state_change return an error code if errors happen.\nSo that the error codes could be propagated and the uaf bugs can be avoid.\n\nv2 reports a compilation warning. This v3 fixed this warning and built\nsuccessfully in my local environment with no additional warnings.\nv2: https://lore.kernel.org/patchwork/patch/1435218/"}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-49085", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2025-02-26T07:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.4.189", "versionStartIncluding": "4.20"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.19.238", "versionStartIncluding": "4.15"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.16.20", "versionStartIncluding": "5.16"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.10.111", "versionStartIncluding": "5.5"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.9.311", "versionStartIncluding": "4.5"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.14.276", "versionStartIncluding": "4.10"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.15.34", "versionStartIncluding": "5.11"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-25T16:21Z"}