CVE-2022-48647
sfc: fix TX channel offset when using legacy interrupts
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix TX channel offset when using legacy interrupts
In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but
that's not correct if efx_sepparate_tx_channels is false. In that case,
the offset is 0 because the tx queues are in the single existing channel
at index 0, together with the rx queue.
Without this fix, as soon as you try to send any traffic, it tries to
get the tx queues from an uninitialized channel getting these errors:
WARNING: CPU: 1 PID: 0 at drivers/net/ethernet/sfc/tx.c:540 efx_hard_start_xmit+0x12e/0x170 [sfc]
[...]
RIP: 0010:efx_hard_start_xmit+0x12e/0x170 [sfc]
[...]
Call Trace:
<IRQ>
dev_hard_start_xmit+0xd7/0x230
sch_direct_xmit+0x9f/0x360
__dev_queue_xmit+0x890/0xa40
[...]
BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[...]
RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]
[...]
Call Trace:
<IRQ>
dev_hard_start_xmit+0xd7/0x230
sch_direct_xmit+0x9f/0x360
__dev_queue_xmit+0x890/0xa40
[...]
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sfc: corrige el desplazamiento del canal TX cuando se usan interrupciones heredadas En el modo de interrupción heredado, tx_channel_offset estaba codificado en 1, pero eso no es correcto si efx_sepparate_tx_channels es falso. En ese caso, el desplazamiento es 0 porque las colas de transmisión están en el único canal existente en el índice 0, junto con la cola de recepción. Sin esta solución, tan pronto como intenta enviar tráfico, intenta obtener las colas de transmisión de un canal no inicializado y obtiene estos errores: ADVERTENCIA: CPU: 1 PID: 0 en drivers/net/ethernet/sfc/tx.c: 540 efx_hard_start_xmit+0x12e/0x170 [sfc] [...] RIP: 0010:efx_hard_start_xmit+0x12e/0x170 [sfc] [...] Seguimiento de llamadas: dev_hard_start_xmit+0xd7/0x230 sch_direct_xmit+0x9f/0x360 +0x890 /0xa40 [...] ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc] [...] Seguimiento de llamadas: dev_hard_start_xmit+0xd7/ 0x230 sch_direct_xmit+0x9f/0x360 __dev_queue_xmit+0x890/0xa40 [...]
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-25 CVE Reserved
- 2024-04-28 CVE Published
- 2024-04-29 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/bf2af9b24313553f3f0b30443220ab0ac8595d2d | Vuln. Introduced | |
https://git.kernel.org/stable/c/06cb7e134f8f4a11b66f1dbeb5f237412a0aeedc | Vuln. Introduced | |
https://git.kernel.org/stable/c/c308dfd1b43ef0d4c3e57b741bb3462eb7a7f4a2 | Vuln. Introduced | |
https://git.kernel.org/stable/c/1a7c0b3ef93d1d1dae7b0a85dab3ac6e3ad0ef61 | Vuln. Introduced | |
https://git.kernel.org/stable/c/b2d60329a0b88c4e35017436ee29c43be59d46a5 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.122 < 5.10.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.122 < 5.10.146" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.47 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.47 < 5.15.71" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 5.19.12" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.0" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version "5.17.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version "5.18.4" | en |
Affected
|