CVE-2022-49869

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
01/05/2025
Last modified:
07/05/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()<br /> <br /> During the error recovery sequence, the rtnl_lock is not held for the<br /> entire duration and some datastructures may be freed during the sequence.<br /> Check for the BNXT_STATE_OPEN flag instead of netif_running() to ensure<br /> that the device is fully operational before proceeding to reconfigure<br /> the coalescing settings.<br /> <br /> This will fix a possible crash like this:<br /> <br /> BUG: unable to handle kernel NULL pointer dereference at 0000000000000000<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] SMP NOPTI<br /> CPU: 10 PID: 181276 Comm: ethtool Kdump: loaded Tainted: G IOE --------- - - 4.18.0-348.el8.x86_64 #1<br /> Hardware name: Dell Inc. PowerEdge R740/0F9N89, BIOS 2.3.10 08/15/2019<br /> RIP: 0010:bnxt_hwrm_set_coal+0x1fb/0x2a0 [bnxt_en]<br /> Code: c2 66 83 4e 22 08 66 89 46 1c e8 10 cb 00 00 41 83 c6 01 44 39 b3 68 01 00 00 0f 8e a3 00 00 00 48 8b 93 c8 00 00 00 49 63 c6 8b 2c c2 48 8b 85 b8 02 00 00 48 85 c0 74 2e 48 8b 74 24 08 f6<br /> RSP: 0018:ffffb11c8dcaba50 EFLAGS: 00010246<br /> RAX: 0000000000000000 RBX: ffff8d168a8b0ac0 RCX: 00000000000000c5<br /> RDX: 0000000000000000 RSI: ffff8d162f72c000 RDI: ffff8d168a8b0b28<br /> RBP: 0000000000000000 R08: b6e1f68a12e9a7eb R09: 0000000000000000<br /> R10: 0000000000000001 R11: 0000000000000037 R12: ffff8d168a8b109c<br /> R13: ffff8d168a8b10aa R14: 0000000000000000 R15: ffffffffc01ac4e0<br /> FS: 00007f3852e4c740(0000) GS:ffff8d24c0080000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000000000000000 CR3: 000000041b3ee003 CR4: 00000000007706e0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> PKRU: 55555554<br /> Call Trace:<br /> ethnl_set_coalesce+0x3ce/0x4c0<br /> genl_family_rcv_msg_doit.isra.15+0x10f/0x150<br /> genl_family_rcv_msg+0xb3/0x160<br /> ? coalesce_fill_reply+0x480/0x480<br /> genl_rcv_msg+0x47/0x90<br /> ? genl_family_rcv_msg+0x160/0x160<br /> netlink_rcv_skb+0x4c/0x120<br /> genl_rcv+0x24/0x40<br /> netlink_unicast+0x196/0x230<br /> netlink_sendmsg+0x204/0x3d0<br /> sock_sendmsg+0x4c/0x50<br /> __sys_sendto+0xee/0x160<br /> ? syscall_trace_enter+0x1d3/0x2c0<br /> ? __audit_syscall_exit+0x249/0x2a0<br /> __x64_sys_sendto+0x24/0x30<br /> do_syscall_64+0x5b/0x1a0<br /> entry_SYSCALL_64_after_hwframe+0x65/0xca<br /> RIP: 0033:0x7f38524163bb

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4 (including) 5.4.225 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.155 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.79 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*