Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48746

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
20/06/2024
Last modified:
06/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: Fix handling of wrong devices during bond netevent<br /> <br /> Current implementation of bond netevent handler only check if<br /> the handled netdev is VF representor and it missing a check if<br /> the VF representor is on the same phys device of the bond handling<br /> the netevent.<br /> <br /> Fix by adding the missing check and optimizing the check if<br /> the netdev is VF representor so it will not access uninitialized<br /> private data and crashes.<br /> <br /> BUG: kernel NULL pointer dereference, address: 000000000000036c<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] SMP NOPTI<br /> Workqueue: eth3bond0 bond_mii_monitor [bonding]<br /> RIP: 0010:mlx5e_is_uplink_rep+0xc/0x50 [mlx5_core]<br /> RSP: 0018:ffff88812d69fd60 EFLAGS: 00010282<br /> RAX: 0000000000000000 RBX: ffff8881cf800000 RCX: 0000000000000000<br /> RDX: ffff88812d69fe10 RSI: 000000000000001b RDI: ffff8881cf800880<br /> RBP: ffff8881cf800000 R08: 00000445cabccf2b R09: 0000000000000008<br /> R10: 0000000000000004 R11: 0000000000000008 R12: ffff88812d69fe10<br /> R13: 00000000fffffffe R14: ffff88820c0f9000 R15: 0000000000000000<br /> FS: 0000000000000000(0000) GS:ffff88846fb00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 000000000000036c CR3: 0000000103d80006 CR4: 0000000000370ea0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> mlx5e_eswitch_uplink_rep+0x31/0x40 [mlx5_core]<br /> mlx5e_rep_is_lag_netdev+0x94/0xc0 [mlx5_core]<br /> mlx5e_rep_esw_bond_netevent+0xeb/0x3d0 [mlx5_core]<br /> raw_notifier_call_chain+0x41/0x60<br /> call_netdevice_notifiers_info+0x34/0x80<br /> netdev_lower_state_changed+0x4e/0xa0<br /> bond_mii_monitor+0x56b/0x640 [bonding]<br /> process_one_work+0x1b9/0x390<br /> worker_thread+0x4d/0x3d0<br /> ? rescuer_thread+0x350/0x350<br /> kthread+0x124/0x150<br /> ? set_kthread_struct+0x40/0x40<br /> ret_from_fork+0x1f/0x30

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.8 (including) 5.10.97 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.6 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools