CVE-2022-48648

sfc: fix null pointer dereference in efx_hard_start_xmit

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix null pointer dereference in efx_hard_start_xmit

Trying to get the channel from the tx_queue variable here is wrong
because we can only be here if tx_queue is NULL, so we shouldn't
dereference it. As the above comment in the code says, this is very
unlikely to happen, but it's wrong anyway so let's fix it.

I hit this issue because of a different bug that caused tx_queue to be
NULL. If that happens, this is the error message that we get here:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[...]
RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc: corrige la desreferencia del puntero nulo en efx_hard_start_xmit Intentar obtener el canal de la variable tx_queue aquí es incorrecto porque solo podemos estar aquí si tx_queue es NULL, por lo que no debemos desreferenciarlo. Como dice el comentario anterior en el código, es muy poco probable que esto suceda, pero de todos modos está mal, así que solucionémoslo. Encontré este problema debido a un error diferente que provocó que tx_queue fuera NULL. Si eso sucede, este es el mensaje de error que recibimos aquí: ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-04-28 CVE Published
2024-04-29 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7	2022-09-28
https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998	2022-09-28
https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03	2022-09-28
https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3	2022-09-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.146"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.15.71"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.0"		en		Affected