CVE-2022-49048

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix panic when forwarding a pkt with no in6 dev kongweibin reported a kernel panic in ip6_forward() when input interface has no in6 dev associated. The following tc commands were used to reproduce this panic: tc qdisc del dev vxlan100 root tc qdisc add dev vxlan100 root netem corrupt 5%

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/74b68f5249f16c5f7f675d0f604fa6ae20e3a151	Patch
https://git.kernel.org/stable/c/a263712ba8c9ded25dd9d2d5ced11bcea5b33a3e	Patch
https://git.kernel.org/stable/c/ab2f5afb7af5c68389e8c7dd29e0a98fbeaaa435	Patch
https://git.kernel.org/stable/c/adee01bbf6cb5b3e4ed08be8ff866aac90f13836	Patch
https://git.kernel.org/stable/c/e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0	Patch
https://git.kernel.org/stable/c/e69fb3de87a8923e5931a272a38fa3cceb01da44	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.14:-::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc7::::::
	cpe:2.3:o:linux:linux_kernel:5.18:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.18:rc2::::::

History

14 Oct 2025, 19:06

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: se corrige el pánico al reenviar un paquete sin un dev in6 kongweibin informó un pánico del kernel en ip6_forward() cuando la interfaz de entrada no tiene un dev in6 asociado. Se utilizaron los siguientes comandos tc para reproducir este pánico: tc qdisc del dev vxlan100 root tc qdisc add dev vxlan100 root netem corrupt 5%
CPE		cpe:2.3:o:linux:linux_kernel:5.14:-:::::: cpe:2.3:o:linux:linux_kernel:5.18:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.18:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:5.14:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.14:rc6:::::: cpe:2.3:o:linux:linux_kernel:5.14:rc4::::::
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/74b68f5249f16c5f7f675d0f604fa6ae20e3a151 -~~	() https://git.kernel.org/stable/c/74b68f5249f16c5f7f675d0f604fa6ae20e3a151 - Patch
References	~~() https://git.kernel.org/stable/c/a263712ba8c9ded25dd9d2d5ced11bcea5b33a3e -~~	() https://git.kernel.org/stable/c/a263712ba8c9ded25dd9d2d5ced11bcea5b33a3e - Patch
References	~~() https://git.kernel.org/stable/c/ab2f5afb7af5c68389e8c7dd29e0a98fbeaaa435 -~~	() https://git.kernel.org/stable/c/ab2f5afb7af5c68389e8c7dd29e0a98fbeaaa435 - Patch
References	~~() https://git.kernel.org/stable/c/adee01bbf6cb5b3e4ed08be8ff866aac90f13836 -~~	() https://git.kernel.org/stable/c/adee01bbf6cb5b3e4ed08be8ff866aac90f13836 - Patch
References	~~() https://git.kernel.org/stable/c/e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0 -~~	() https://git.kernel.org/stable/c/e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0 - Patch
References	~~() https://git.kernel.org/stable/c/e69fb3de87a8923e5931a272a38fa3cceb01da44 -~~	() https://git.kernel.org/stable/c/e69fb3de87a8923e5931a272a38fa3cceb01da44 - Patch

26 Feb 2025, 07:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:00

Updated : 2025-10-14 19:06

NVD link : CVE-2022-49048

Mitre link : CVE-2022-49048

CVE.ORG link : CVE-2022-49048

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10