---

CVE-2022-3524 - log back

CVE-2022-3524 created at 01 Mar 2023 20:53:09
Severity	+ Unknown
Remote	+ Unknown
Type	+ Denial of service
Description	+ memory leak in ipv6_renew_options() when one thread is converting an IPv6 socket into IPv4 with IPV6_ADDRFORM while another thread calls do_ipv6_setsockopt() and allocates memory to inet6_sk(sk)->XXX after conversion because the converted sk with (tcp|udp)_prot never frees the IPv6 resources, which inet6_destroy_sock() should have cleaned up
References	+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 + https://kernel.dance/#CVE-2022-3524
Notes