
CVE-2022-48642: Vulnerability in Linux (Linux kernel)

Medium
Published: Sun Apr 28 2024 (04/28/2024, 12:59:57 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()

It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority") when nft_chain_offload_priority() returned an error.

AI-Powered Analysis

AILast updated: 06/30/2025, 18:10:08 UTC

Technical Analysis

CVE-2022-48642 is a vulnerability identified in the Linux kernel's netfilter subsystem, specifically within the nftables implementation. The issue pertains to a per-CPU memory leak occurring in the function nf_tables_addchain(). This leak was introduced following the commit 3bc158f8d0330f0a, which modified how nft_chain_offload_priority() maps basechain priority to hardware priority. When nft_chain_offload_priority() returns an error, the per-CPU memory allocated for chain statistics is not properly released, causing a memory leak. Over time, this can lead to increased memory consumption on affected systems, potentially degrading system performance or causing resource exhaustion. The vulnerability does not appear to allow direct code execution or privilege escalation but impacts system stability and availability through resource depletion. The flaw affects Linux kernel versions that include the referenced commit and is resolved by fixing the memory leak in the nf_tables_addchain() function. There are no known exploits in the wild at this time, and no CVSS score has been assigned. The vulnerability is technical and specific to Linux kernel networking internals, particularly impacting systems that utilize nftables for packet filtering and firewalling.
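The description above boils down to a classic error-path leak: a resource is allocated, a later step fails, and the function returns without releasing what it already holds. The following C program is an added illustration written for this page, not kernel code and not the actual patch. The names fake_alloc_percpu(), fake_free_percpu(), fake_offload_priority(), addchain_leaky() and addchain_fixed() are hypothetical stand-ins for the kernel's alloc_percpu(), free_percpu(), nft_chain_offload_priority() and the two shapes of nf_tables_addchain(); a live-allocation counter makes the leak observable.

```c
/* Added illustration (not kernel code): models the error-path leak pattern
 * the commit message describes. All names below are hypothetical stand-ins;
 * the "percpu" allocator is simulated with calloc()/free() plus a counter. */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

/* Number of outstanding "percpu" allocations. Non-zero after every chain
 * has been torn down means something leaked. */
static int percpu_live = 0;

struct chain_stats { unsigned long packets, bytes; };
struct chain { struct chain_stats *stats; };

static struct chain_stats *fake_alloc_percpu(void)
{
    struct chain_stats *s = calloc(1, sizeof *s);
    if (s)
        percpu_live++;
    return s;
}

static void fake_free_percpu(struct chain_stats *s)
{
    if (s) {
        percpu_live--;
        free(s);
    }
}

/* Stand-in for nft_chain_offload_priority(): the demo treats a negative
 * priority with offload requested as unsupported. */
static int fake_offload_priority(int priority, int offload)
{
    if (offload && priority < 0)
        return -EOPNOTSUPP;
    return 0;
}

/* Buggy shape: stats are allocated, then the offload error returns early
 * and the allocation is never released. */
static int addchain_leaky(struct chain *c, int priority, int offload)
{
    struct chain_stats *stats = fake_alloc_percpu();
    if (!stats)
        return -ENOMEM;
    int err = fake_offload_priority(priority, offload);
    if (err)
        return err;        /* BUG: stats leaked on this path */
    c->stats = stats;      /* success: ownership passes to the chain */
    return 0;
}

/* Fixed shape: every exit after the allocation releases it unless
 * ownership has been handed to the chain. */
static int addchain_fixed(struct chain *c, int priority, int offload)
{
    struct chain_stats *stats = fake_alloc_percpu();
    if (!stats)
        return -ENOMEM;
    int err = fake_offload_priority(priority, offload);
    if (err) {
        fake_free_percpu(stats);
        return err;
    }
    c->stats = stats;
    return 0;
}

static void chain_destroy(struct chain *c)
{
    fake_free_percpu(c->stats);
    c->stats = NULL;
}

/* Run the add path n times, tearing down each successful chain, and return
 * how many allocations are still live afterwards (0 means no leak). */
static int leaked_after(int (*addchain)(struct chain *, int, int),
                        int priority, int offload, int n)
{
    percpu_live = 0;
    for (int i = 0; i < n; i++) {
        struct chain c = { 0 };
        if (addchain(&c, priority, offload) == 0)
            chain_destroy(&c);
    }
    return percpu_live;
}

int main(void)
{
    printf("leaky, error path: %d live after 1000 adds\n",
           leaked_after(addchain_leaky, -1, 1, 1000));
    printf("fixed, error path: %d live after 1000 adds\n",
           leaked_after(addchain_fixed, -1, 1, 1000));
    printf("leaky, success path: %d live after 1000 adds\n",
           leaked_after(addchain_leaky, 0, 1, 1000));
    return 0;
}
```

The success path is leak-free in both versions, which is why the defect survived ordinary use: only repeated failures of the offload-priority check accumulate unreleased per-CPU memory.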

Potential Impact

For European organizations, the primary impact of CVE-2022-48642 lies in potential degradation of network infrastructure stability and availability. Organizations relying on Linux-based firewalls, routers, or servers using nftables for network filtering may experience gradual memory exhaustion, leading to system slowdowns or crashes if the leak is not addressed. This can disrupt critical network services, impacting business operations, especially in sectors with high network traffic such as telecommunications, finance, and cloud service providers. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can indirectly affect service reliability and uptime commitments. In environments with high network throughput or long uptimes without frequent reboots, the risk of resource exhaustion is higher. European organizations with stringent uptime and security requirements should prioritize patching to maintain operational continuity and avoid potential denial-of-service conditions caused by memory leaks.

Mitigation Recommendations

To mitigate CVE-2022-48642, European organizations should:

1) Apply the latest Linux kernel updates that include the fix for the nf_tables_addchain() memory leak as soon as they become available from their Linux distribution vendors.
2) Monitor system memory usage on network devices and servers running nftables to detect abnormal increases in per-CPU memory consumption that could indicate the leak is active.
3) Implement proactive system restarts or service reloads as a temporary measure to reclaim leaked memory if patching cannot be immediately applied.
4) Review and audit nftables configurations to ensure they are optimized and not unnecessarily complex, reducing the chance of triggering the bug.
5) Employ resource monitoring and alerting tools tailored to detect memory leaks and unusual resource usage patterns in network filtering components.
6) Coordinate with Linux distribution security advisories and maintain an updated inventory of affected systems to prioritize remediation efforts effectively.
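Recommendation 2 asks for monitoring of per-CPU memory, and the kernel exposes the total size of the percpu allocator as the "Percpu:" line of /proc/meminfo (present on kernels since 4.18). The C program below is an added example for this page, not a tool from the advisory or from the kernel project: parse_percpu_kb() extracts that field from meminfo text, percpu_growth_exceeds() compares a current reading against a recorded baseline, and read_live_percpu_kb() reads the real file when run on Linux. The two sample meminfo excerpts and the 50 % threshold are constructed for the demo.

```c
/* Added example: read the "Percpu:" field of /proc/meminfo and flag growth
 * beyond a baseline. Sample excerpts and the threshold are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the Percpu value in kB, or -1 if no such line exists. Only a line
 * that begins with "Percpu:" matches, so other fields are ignored. */
static long parse_percpu_kb(const char *meminfo)
{
    const char *p = meminfo;
    while (p && *p) {
        if (strncmp(p, "Percpu:", 7) == 0)
            return strtol(p + 7, NULL, 10);   /* skips spaces, stops at "kB" */
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* True when current exceeds baseline by more than pct percent.
 * Integer arithmetic only, so no float rounding on large kB values. */
static int percpu_growth_exceeds(long baseline_kb, long current_kb, long pct)
{
    if (baseline_kb <= 0)
        return 0;   /* no usable baseline: never alert */
    return (current_kb - baseline_kb) * 100 > baseline_kb * pct;
}

/* Read the live file; returns -1 when it is unreadable (e.g. not Linux). */
static long read_live_percpu_kb(void)
{
    FILE *f = fopen("/proc/meminfo", "r");
    if (!f)
        return -1;
    char buf[8192];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_percpu_kb(buf);
}

/* Constructed excerpts standing in for a baseline and a later reading. */
static const char SAMPLE_BASELINE[] =
    "MemTotal:       16304000 kB\n"
    "MemFree:         9000000 kB\n"
    "Percpu:            20480 kB\n"
    "HardwareCorrupted:     0 kB\n";

static const char SAMPLE_LATER[] =
    "MemTotal:       16304000 kB\n"
    "MemFree:         7600000 kB\n"
    "Percpu:          1310720 kB\n"
    "HardwareCorrupted:     0 kB\n";

int main(void)
{
    long base = parse_percpu_kb(SAMPLE_BASELINE);
    long later = parse_percpu_kb(SAMPLE_LATER);
    printf("sample baseline %ld kB, later %ld kB, alert=%d\n",
           base, later, percpu_growth_exceeds(base, later, 50));

    long live = read_live_percpu_kb();
    if (live >= 0)
        printf("live Percpu: %ld kB\n", live);
    else
        printf("live /proc/meminfo not available on this host\n");
    return 0;
}
```

The Percpu counter covers every user of the percpu allocator, not only nftables, so record the baseline after the host reaches steady state and alert on sustained growth rather than on a single reading; a steadily rising value on a box whose only changing workload is rule reloads is what the leak described here would look like from the outside.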


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-02-25T13:44:28.316Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d982ec4522896dcbe5d80

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 6:10:08 PM

Last updated: 8/17/2025, 12:55:20 AM
