CVE-2022-48647

sfc: fix TX channel offset when using legacy interrupts

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix TX channel offset when using legacy interrupts

In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but
that's not correct if efx_sepparate_tx_channels is false. In that case,
the offset is 0 because the tx queues are in the single existing channel
at index 0, together with the rx queue.

Without this fix, as soon as you try to send any traffic, it tries to
get the tx queues from an uninitialized channel getting these errors:
WARNING: CPU: 1 PID: 0 at drivers/net/ethernet/sfc/tx.c:540 efx_hard_start_xmit+0x12e/0x170 [sfc]
[...]
RIP: 0010:efx_hard_start_xmit+0x12e/0x170 [sfc]
[...]
Call Trace:
<IRQ>
dev_hard_start_xmit+0xd7/0x230
sch_direct_xmit+0x9f/0x360
__dev_queue_xmit+0x890/0xa40
[...]
BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[...]
RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]
[...]
Call Trace:
<IRQ>
dev_hard_start_xmit+0xd7/0x230
sch_direct_xmit+0x9f/0x360
__dev_queue_xmit+0x890/0xa40
[...]

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sfc: corrige el desplazamiento del canal TX cuando se usan interrupciones heredadas En el modo de interrupción heredado, tx_channel_offset estaba codificado en 1, pero eso no es correcto si efx_sepparate_tx_channels es falso. En ese caso, el desplazamiento es 0 porque las colas de transmisión están en el único canal existente en el índice 0, junto con la cola de recepción. Sin esta solución, tan pronto como intenta enviar tráfico, intenta obtener las colas de transmisión de un canal no inicializado y obtiene estos errores: ADVERTENCIA: CPU: 1 PID: 0 en drivers/net/ethernet/sfc/tx.c: 540 efx_hard_start_xmit+0x12e/0x170 [sfc] [...] RIP: 0010:efx_hard_start_xmit+0x12e/0x170 [sfc] [...] Seguimiento de llamadas: dev_hard_start_xmit+0xd7/0x230 sch_direct_xmit+0x9f/0x360 +0x890 /0xa40 [...] ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc] [...] Seguimiento de llamadas: dev_hard_start_xmit+0xd7/ 0x230 sch_direct_xmit+0x9f/0x360 __dev_queue_xmit+0x890/0xa40 [...]

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-04-28 CVE Published
2024-04-29 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/bf2af9b24313553f3f0b30443220ab0ac8595d2d	Vuln. Introduced
https://git.kernel.org/stable/c/06cb7e134f8f4a11b66f1dbeb5f237412a0aeedc	Vuln. Introduced
https://git.kernel.org/stable/c/c308dfd1b43ef0d4c3e57b741bb3462eb7a7f4a2	Vuln. Introduced
https://git.kernel.org/stable/c/1a7c0b3ef93d1d1dae7b0a85dab3ac6e3ad0ef61	Vuln. Introduced
https://git.kernel.org/stable/c/b2d60329a0b88c4e35017436ee29c43be59d46a5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b4afd3878f961d3517f27b3213730fceef77945c	2022-09-28
https://git.kernel.org/stable/c/360910b88d1466a90644a4e0533803b594344a2b	2022-09-28
https://git.kernel.org/stable/c/5f623a77cfc2d501d72bcb4f9ee71721e6c766ff	2022-09-28
https://git.kernel.org/stable/c/f232af4295653afa4ade3230462b3be15ad16419	2022-09-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.122 < 5.10.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.122 < 5.10.146"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.47 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.47 < 5.15.71"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 5.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.0"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.17.15 Search vendor "Linux" for product "Linux Kernel" and version "5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.18.4 Search vendor "Linux" for product "Linux Kernel" and version "5.18.4"		en		Affected