VULNERABILITY

Amazon Linux AMI: CVE-2022-49390: Security patch for kernel (ALAS-2025-1970)

Try Surface Command Get a continuous 360° view of your attack surface
Back to Search

Amazon Linux AMI: CVE-2022-49390: Security patch for kernel (ALAS-2025-1970)

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
02/26/2025
Created
04/23/2025
Added
04/18/2025
Modified
05/21/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

macsec: fix UAF bug for real_dev

Create a new macsec device but not get reference to real_dev. That can

not ensure that real_dev is freed after macsec. That will trigger the

UAF bug for real_dev as following:

==================================================================

BUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662

Call Trace:

...

macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662

dev_get_iflink+0x73/0xe0 net/core/dev.c:637

default_operstate net/core/link_watch.c:42 [inline]

rfc2863_policy+0x233/0x2d0 net/core/link_watch.c:54

linkwatch_do_dev+0x2a/0x150 net/core/link_watch.c:161

Allocated by task 22209:

...

alloc_netdev_mqs+0x98/0x1100 net/core/dev.c:10549

rtnl_create_link+0x9d7/0xc00 net/core/rtnetlink.c:3235

veth_newlink+0x20e/0xa90 drivers/net/veth.c:1748

Freed by task 8:

...

kfree+0xd6/0x4d0 mm/slub.c:4552

kvfree+0x42/0x50 mm/util.c:615

device_release+0x9f/0x240 drivers/base/core.c:2229

kobject_cleanup lib/kobject.c:673 [inline]

kobject_release lib/kobject.c:704 [inline]

kref_put include/linux/kref.h:65 [inline]

kobject_put+0x1c8/0x540 lib/kobject.c:721

netdev_run_todo+0x72e/0x10b0 net/core/dev.c:10327

After commit faab39f63c1f ("net: allow out-of-order netdev unregistration")

and commit e5f80fcf869a ("ipv6: give an IPv6 dev to blackhole_netdev"), we

can add dev_hold_track() in macsec_dev_init() and dev_put_track() in

macsec_free_netdev() to fix the problem.

Solution(s)

  • amazon-linux-upgrade-kernel

References

  • ALAS-2025-1970
  • CVE-2022-49390

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;