CVE-2022-49153: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49153 affects the Linux kernel's WireGuard implementation, specifically related to a memory leak in the socket handling when IPv6 is disabled. The vulnerability was discovered and reported with a memory leak occurring in the WireGuard socket code, affecting Linux kernel versions from 5.6 to 5.15.33, 5.16 to 5.16.19, and 5.17 to 5.17.2 (NVD).

The vulnerability occurs in the WireGuard socket code where the skb (socket buffer) is not properly freed when IPv6 is disabled. Specifically, in the functions wgsocketsendbufferasreplytoskb() or wgsocketsendbuffertopeer(), the send6() semantics require freeing the skb, but when CONFIGIPV6 is disabled, the kfreeskb() call is missing. The issue has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability results in a memory leak when using WireGuard with IPv6 disabled. This was confirmed through a memory leak report showing an unreferenced object of size 232 bytes that remained allocated. While the impact is limited to memory resource exhaustion, it could potentially affect system stability over time (NVD).

The vulnerability has been patched by adding the missing kfree_skb() call in the WireGuard socket code when IPv6 is disabled. The fix was implemented in the Linux kernel through a patch that adds the proper memory cleanup code. Users should upgrade to kernel versions 5.15.33, 5.16.19, or 5.17.2 or later to receive the fix (Kernel Patch).