https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-08T13:48:59.818029+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/0b7bedb9-6a34-49a5-ac26-0982e47b1037/export0b7bedb9-6a34-49a5-ac26-0982e47b10372026-05-08T13:49:00.198013+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "0b7bedb9-6a34-49a5-ac26-0982e47b1037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49911", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/24251", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-49911 - Linux kernel netfilter ipset Memory Allocation Denial of Service\", \n \"Content\": \"CVE ID : CVE-2022-49911 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnetfilter: ipset: enforce documented limit to prevent allocating huge memory \n \nDaniel Xu reported that the hash:net,iface type of the ipset subsystem does \nnot limit adding the same network with different interfaces to a set, which \ncan lead to huge memory usage or allocation failure. \n \nThe quick reproducer is \n \n$ ipset create ACL.IN.ALL_PERMIT hash:net,iface hashsize 1048576 timeout 0 \n$ for i in $(seq 0 100); do /sbin/ipset add ACL.IN.ALL_PERMIT 0.0.0.0/0,kaf_$i timeout 0 -exist; done \n \nThe backtrace when vmalloc fails: \n \n [Tue Oct 25 00:13:08 2022] ipset: vmalloc error: size 1073741848, exceeds total pages <...[Tue Oct 25 00:13:08 2022] Call Trace: \n [Tue Oct 25 00:13:08 2022] \n [Tue Oct 25 00:13:08 2022] dump_stack_lvl+0x48/0x60 \n [Tue Oct 25 00:13:08 2022] warn_alloc+0x155/0x180 \n [Tue Oct 25 00:13:08 2022] __vmalloc_node_range+0x72a/0x760 \n [Tue Oct 25 00:13:08 2022] ? hash_netiface4_add+0x7c0/0xb20 \n [Tue Oct 25 00:13:08 2022] ? __kmalloc_large_node+0x4a/0x90 \n [Tue Oct 25 00:13:08 2022] kvmalloc_node+0xa6/0xd0 \n [Tue Oct 25 00:13:08 2022] ? hash_netiface4_resize+0x99/0x710 <...The fix is to enforce the limit documented in the ipset(8) manpage: \n \n> The internal restriction of the hash:net,iface set type is that the same \n> network prefix cannot be stored with more than 64 different interfaces \n> in a single set. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:43.000000Z"}2025-05-01T19:01:43+00:00