{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T13:41:02.973","vulnerabilities":[{"cve":{"id":"CVE-2022-49086","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-26T07:00:45.940","lastModified":"2025-09-23T18:10:06.403","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix leak of nested actions\n\nWhile parsing user-provided actions, openvswitch module may dynamically\nallocate memory and store pointers in the internal copy of the actions.\nSo this memory has to be freed while destroying the actions.\n\nCurrently there are only two such actions: ct() and set().  However,\nthere are many actions that can hold nested lists of actions and\novs_nla_free_flow_actions() just jumps over them leaking the memory.\n\nFor example, removal of the flow with the following actions will lead\nto a leak of the memory allocated by nf_ct_tmpl_alloc():\n\n  actions:clone(ct(commit),0)\n\nNon-freed set() action may also leak the 'dst' structure for the\ntunnel info including device references.\n\nUnder certain conditions with a high rate of flow rotation that may\ncause significant memory leak problem (2MB per second in reporter's\ncase).  The problem is also hard to mitigate, because the user doesn't\nhave direct control over the datapath flows generated by OVS.\n\nFix that by iterating over all the nested actions and freeing\neverything that needs to be freed recursively.\n\nNew build time assertion should protect us from this problem if new\nactions will be added in the future.\n\nUnfortunately, openvswitch module doesn't use NLA_F_NESTED, so all\nattributes has to be explicitly checked.  sample() and clone() actions\nare mixing extra attributes into the user-provided action list.  That\nprevents some code generalization too."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: fix leak of nested shares Mientras analiza acciones proporcionadas por el usuario, el módulo openvswitch puede asignar memoria dinámicamente y almacenar punteros en la copia interna de las acciones. Por lo tanto, esta memoria debe liberarse mientras se destruyen las acciones. Actualmente solo hay dos acciones de este tipo: ct() y set(). Sin embargo, hay muchas acciones que pueden contener listas anidadas de acciones y ovs_nla_free_flow_actions() simplemente las salta, perdiendo la memoria. Por ejemplo, la eliminación del flujo con las siguientes acciones provocará una pérdida de la memoria asignada por nf_ct_tmpl_alloc(): shares:clone(ct(commit),0) La acción set() no liberada también puede perder la estructura 'dst' para la información del túnel, incluidas las referencias del dispositivo. Bajo ciertas condiciones con una alta tasa de rotación del flujo, esto puede causar un problema de pérdida de memoria significativo (2 MB por segundo en el caso del reportero). El problema también es difícil de mitigar, porque el usuario no tiene control directo sobre los flujos de rutas de datos generados por OVS. Solucione eso iterando sobre todas las acciones anidadas y liberando todo lo que se necesite liberar de forma recursiva. La nueva afirmación de tiempo de compilación debería protegernos de este problema si se agregan nuevas acciones en el futuro. Desafortunadamente, el módulo openvswitch no usa NLA_F_NESTED, por lo que todos los atributos deben verificarse explícitamente. Las acciones sample() y clone() mezclan atributos adicionales en la lista de acciones proporcionada por el usuario. Eso también evita cierta generalización del código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"4.19.249","matchCriteriaId":"EFDE78BF-3014-4717-AA33-00F15CE7636B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.200","matchCriteriaId":"80B2AE57-4A7E-40BB-8C83-33D4436CE199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.111","matchCriteriaId":"96258501-7BCE-4C55-8A38-8AC9D327626D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.34","matchCriteriaId":"D25878D3-7761-4E9F-8919-E92CD53896E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.16.20","matchCriteriaId":"ABBBA66E-0244-4621-966B-9790AF1EEB00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"5.17.3","matchCriteriaId":"AE420AC7-1E59-4398-B84F-71F4B4337762"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*","matchCriteriaId":"6AD94161-84BB-42E6-9882-4FC0C42E9FC1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1f30fb9166d4f15a1aa19449b9da871fe0ed4796","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3554c214b83ec9a839ed574263a34218f372990c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53bce9d19b0a9d245b25cd050b81652ed974a509","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5ae05b5eb58773cfec307ff88aff4cfd843c4cff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7438dc55c0709819b813f4778aec2c48b782990b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/837b96d8103938e35e7d92cd9db96af914ca4fff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef6f9ce0a79aa23b10fc5f3b3cab3814a25aac40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}