SB2025022723 - Input validation error in Linux kernel net
Published: February 27, 2025 Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-49325)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the following functions:
- net/ipv6/tcp_ipv6.c: get_tcp6_sock()
- net/ipv4/tcp_yeah.c: tcp_yeah_cong_avoid(), tcp_snd_cwnd(), tcp_yeah_ssthresh()
- net/ipv4/tcp_westwood.c: tcp_westwood_event()
- net/ipv4/tcp_veno.c: tcp_veno_cong_avoid(), tcp_veno_ssthresh()
- net/ipv4/tcp_vegas.c: EXPORT_SYMBOL_GPL(), tcp_vegas_cong_avoid()
- net/ipv4/tcp_scalable.c: tcp_scalable_cong_avoid(), tcp_scalable_ssthresh()
- net/ipv4/tcp_rate.c: tcp_rate_check_app_limited()
- net/ipv4/tcp_output.c: tcp_cwnd_restart(), tcp_tsq_write(), tcp_cwnd_application_limited(), tcp_cwnd_test(), tcp_tso_should_defer(), tcp_mtu_probe(), tcp_chrono_stop(), tcp_send_loss_probe(), tcp_xmit_retransmit_queue()
- net/ipv4/tcp_nv.c: tcpnv_cong_avoid(), tcpnv_recalc_ssthresh(), tcpnv_acked()
- net/ipv4/tcp_metrics.c: tcp_update_metrics()
- net/ipv4/tcp_lp.c: tcp_lp_pkts_acked()
- net/ipv4/tcp_ipv4.c: get_tcp4_sock()
- net/ipv4/tcp_input.c: tcp_sndbuf_expand(), tcp_update_pacing_rate(), tcp_enter_loss(), DBGUNDO(), tcp_undo_cwnd_reduction(), tcp_init_cwnd_reduction(), tcp_cwnd_reduction(), tcp_end_cwnd_reduction(), tcp_mtup_probe_success(), tcp_fastretrans_alert(), tcp_should_expand_sndbuf(), tcp_init_transfer()
- net/ipv4/tcp_illinois.c: update_params(), tcp_illinois_cong_avoid(), tcp_illinois_ssthresh()
- net/ipv4/tcp_hybla.c: hybla_init(), hybla_cong_avoid()
- net/ipv4/tcp_htcp.c: measure_achieved_throughput(), htcp_recalc_ssthresh(), htcp_cong_avoid()
- net/ipv4/tcp_highspeed.c: hstcp_cong_avoid(), hstcp_ssthresh()
- net/ipv4/tcp_dctcp.c: dctcp_ssthresh(), dctcp_react_to_loss(), dctcp_get_info()
- net/ipv4/tcp_cubic.c: cubictcp_cong_avoid(), cubictcp_recalc_ssthresh(), hystart_update(), cubictcp_acked()
- net/ipv4/tcp_cong.c: tcp_set_congestion_control(), tcp_cong_avoid_ai(), tcp_reno_cong_avoid(), tcp_reno_ssthresh(), tcp_reno_undo_cwnd()
- net/ipv4/tcp_cdg.c: tcp_cdg_hystart_update(), tcp_cdg_backoff(), tcp_cdg_cong_avoid(), tcp_cdg_ssthresh(), tcp_cdg_cwnd_event(), tcp_cdg_init()
- net/ipv4/tcp_bic.c: bictcp_cong_avoid(), bictcp_recalc_ssthresh()
- net/ipv4/tcp_bbr.c: bbr_init_pacing_rate_from_rtt(), bbr_save_cwnd(), bbr_set_cwnd_to_recover_or_restore(), bbr_set_cwnd(), bbr_update_ack_aggregation(), bbr_check_probe_rtt_done(), bbr_undo_cwnd()
- net/ipv4/tcp.c: tcp_init_sock(), tcp_disconnect(), tcp_get_info(), tcp_get_timestamping_opt_stats()
- net/core/filter.c: _bpf_setsockopt()

A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/3308676ec525901bf1656014003c443a60730a04
- https://git.kernel.org/stable/c/40570375356c874b1578e05c1dcc3ff7c1322dbe
- https://git.kernel.org/stable/c/41e191fe72282e193a7744e2fc1786b23156c9e4
- https://git.kernel.org/stable/c/5aba0ad44fb4a7fb78c5076c313456de199a3c29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.15