CVE-2022-48637
bnxt: prevent skb UAF after handing over to PTP worker
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
bnxt: prevent skb UAF after handing over to PTP worker
When reading the timestamp is required bnxt_tx_int() hands
over the ownership of the completed skb to the PTP worker.
The skb should not be used afterwards, as the worker may
run before the rest of our code and free the skb, leading
to a use-after-free.
Since dev_kfree_skb_any() accepts NULL make the loss of
ownership more obvious and set skb to NULL.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bnxt: impide que skb UAF se entregue al trabajador de PTP. Cuando se requiere leer la marca de tiempo, bnxt_tx_int() entrega la propiedad del skb completado al trabajador de PTP. El skb no debe usarse después, ya que el trabajador puede ejecutarse antes que el resto de nuestro código y liberar el skb, lo que lleva a un use-after-free. Dado que dev_kfree_skb_any() acepta NULL, la pérdida de propiedad es más obvia y establece skb en NULL.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-02-25 CVE Reserved
- 2024-04-28 CVE Published
- 2024-04-29 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/83bb623c968e7351aee5111547693f95f330dc5a | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-48637 | 2024-08-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2277831 | 2024-08-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.71" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.19.12" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.14 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.0" | en |
Affected
|