CVE-2022-48850
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
16/07/2024
Last modified:
23/07/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

net-sysfs: add check for netdevice being present to speed_show

When bringing down the netdevice or system shutdown, a panic can be
triggered while accessing the sysfs path because the device is already
removed.

[ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called
[ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called
...
[ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 758.031397] IP: [] dma_pool_alloc+0x1ab/0x280

crash> bt
...
PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd"
...
#9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778
[exception RIP: dma_pool_alloc+0x1ab]
RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046
RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000
RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090
RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00
R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0
R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]
#11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]
#12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]
#13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]
#14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]
#15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]
#16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]
#17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46
#18 [ffff89240e1a3d48] speed_show at ffffffff8f277208
#19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3
#20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf
#21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596
#22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10
#23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5
#24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff
#25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f
#26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92

crash> net_device.state ffff89443b0c0000
state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER)

To prevent this scenario, we also make sure that the netdevice is present.
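
The state value in the crash dump, 0x5, has the START bit set but not the PRESENT bit, so a guard that only asks whether the interface is running still lets the sysfs read reach the driver. The following added example is a userspace model, not the kernel's code or the actual patch; it contrasts that guard with one that also requires the device to be present. The struct, the function names, the -EINVAL return and the 25000 sample speed are assumptions, and the bit positions follow the kernel's enum netdev_state_t.

```c
#include <errno.h>
#include <stdio.h>

/* Bit positions as in the kernel's enum netdev_state_t. */
enum { LINK_STATE_START = 0, LINK_STATE_PRESENT = 1, LINK_STATE_NOCARRIER = 2 };

/* Hypothetical stand-in for struct net_device: only what the guard needs. */
struct model_netdev {
    unsigned long state;
    int driver_calls;   /* how often the driver query was reached */
};

static int is_running(const struct model_netdev *d) { return (d->state >> LINK_STATE_START) & 1; }
static int is_present(const struct model_netdev *d) { return (d->state >> LINK_STATE_PRESENT) & 1; }

/* Stand-in for the ethtool link-settings query. In the trace this path ran
 * into dma_pool_alloc() on a device that had already been shut down. */
static int query_driver_speed(struct model_netdev *d)
{
    d->driver_calls++;
    return 25000;       /* constructed sample speed in Mb/s */
}

/* Model of the guard before the fix: only the START bit is tested. */
int speed_show_before(struct model_netdev *d)
{
    return is_running(d) ? query_driver_speed(d) : -EINVAL;
}

/* Model of the guard after the fix: the device must also be present. */
int speed_show_after(struct model_netdev *d)
{
    return (is_running(d) && is_present(d)) ? query_driver_speed(d) : -EINVAL;
}

int main(void)
{
    struct model_netdev d = { .state = 0x5, .driver_calls = 0 }; /* value from the crash dump */
    int before = speed_show_before(&d);
    printf("before: ret=%d driver_calls=%d\n", before, d.driver_calls);
    d.driver_calls = 0;
    int after = speed_show_after(&d);
    printf("after:  ret=%d driver_calls=%d\n", after, d.driver_calls);
    return 0;
}
```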
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.307 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.272 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.235 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.185 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.106 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.29 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.15 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad
- https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204
- https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624
- https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f
- https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2
- https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6
- https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2
- https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c



