CVE-2022-49227

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 21/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

igc: avoid kernel warning when changing RX ring parameters

Calling ethtool changing the RX ring parameters like this:

    $ ethtool -G eth0 rx 1024

on igc triggers kernel warnings like this:

    [ 225.198467] ------------[ cut here ]------------
    [ 225.198473] Missing unregister, handled but fix driver
    [ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168
    xdp_rxq_info_reg+0x79/0xd0
    [...]
    [ 225.198601] Call Trace:
    [ 225.198604]
    [ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc]
    [ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc]
    [ 225.198626] ethnl_set_rings+0x18a/0x250
    [ 225.198631] genl_family_rcv_msg_doit+0xca/0x110
    [ 225.198637] genl_rcv_msg+0xce/0x1c0
    [ 225.198640] ? rings_prepare_data+0x60/0x60
    [ 225.198644] ? genl_get_cmd+0xd0/0xd0
    [ 225.198647] netlink_rcv_skb+0x4e/0xf0
    [ 225.198652] genl_rcv+0x24/0x40
    [ 225.198655] netlink_unicast+0x20e/0x330
    [ 225.198659] netlink_sendmsg+0x23f/0x480
    [ 225.198663] sock_sendmsg+0x5b/0x60
    [ 225.198667] __sys_sendto+0xf0/0x160
    [ 225.198671] ? handle_mm_fault+0xb2/0x280
    [ 225.198676] ? do_user_addr_fault+0x1eb/0x690
    [ 225.198680] __x64_sys_sendto+0x20/0x30
    [ 225.198683] do_syscall_64+0x38/0x90
    [ 225.198687] entry_SYSCALL_64_after_hwframe+0x44/0xae
    [ 225.198693] RIP: 0033:0x7f7ae38ac3aa

igc_ethtool_set_ringparam() copies the igc_ring structure but neglects to
reset the xdp_rxq_info member before calling igc_setup_rx_resources().
This in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.

Make sure to unregister the xdp_rxq_info structure first in
igc_setup_rx_resources.

Vulnerable products and versions

CPE                                              From                Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.13 (including)    5.15.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.16 (including)    5.16.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.17 (including)    5.17.2 (excluding)
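
A triage sketch for this record, added here as an example (it is not code from the kernel project or from this advisory): it checks an upstream release string against the affected ranges in the table above and scans kernel log text for the warning signature together with the igc frame from the call trace. The function names are hypothetical, and the sample log is an excerpt of the trace quoted in the description.

```python
import re

# Upstream ranges from the table above: (first affected, first fixed) release.
AFFECTED = [((5, 13, 0), (5, 15, 33)), ((5, 16, 0), (5, 16, 19)), ((5, 17, 0), (5, 17, 2))]
SIGNATURE = "Missing unregister, handled but fix driver"
CUT = "------------[ cut here ]------------"
# One call-trace frame: "[ ts] [? ]symbol+0xoff/0xlen [module]"
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+(?:\?\s+)?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?", re.M)

# Excerpt of the trace quoted in the description, used as sample input.
SAMPLE_LOG = """\
[ 225.198467] ------------[ cut here ]------------
[ 225.198473] Missing unregister, handled but fix driver
[ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168
xdp_rxq_info_reg+0x79/0xd0
[ 225.198601] Call Trace:
[ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc]
[ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc]
[ 225.198626] ethnl_set_rings+0x18a/0x250
"""

def upstream_affected(release):
    """True if an upstream release such as '5.15.30' falls in an affected range.
    Distribution kernels can carry backported fixes, so treat True as 'check further'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = tuple(int(part or 0) for part in m.groups())
    return any(first <= version < fixed for first, fixed in AFFECTED)

def find_igc_xdp_warnings(log):
    """Return timestamps of warning blocks with the signature and the igc setup frame."""
    hits = []
    for block in log.split(CUT)[1:]:
        frames = FRAME.findall(block)
        if SIGNATURE in block and ("igc_setup_rx_resources", "igc") in frames:
            # First timestamp after the cut marker is the signature line itself.
            stamp = re.search(r"\[\s*([\d.]+)\]", block)
            hits.append(float(stamp.group(1)))
    return hits

if __name__ == "__main__":
    print(find_igc_xdp_warnings(SAMPLE_LOG), upstream_affected("5.15.30"))
```

Requiring the `igc_setup_rx_resources` frame keeps the match specific to this driver, since the same warning text can be raised for any driver that registers an already registered `xdp_rxq_info`.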