CVE-2022-48743

net: amd-xgbe: Fix skb data length underflow

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: amd-xgbe: Fix skb data length underflow

There will be BUG_ON() triggered in include/linux/skbuff.h leading to
intermittent kernel panic, when the skb length underflow is detected.

Fix this by dropping the packet if such length underflows are seen
because of inconsistencies in the hardware descriptors.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-08-03 CVE Updated
2024-08-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-124: Buffer Underwrite ('Buffer Underflow')

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/fafc9555d87a19c78bcd43ed731c3a73bf0b37a9	Vuln. Introduced
https://git.kernel.org/stable/c/622c36f143fc9566ba49d7cec994c2da1182d9e2	Vuln. Introduced
https://git.kernel.org/stable/c/ae43f9360a21b35cf785ae9a0fdce524d7af0938	Vuln. Introduced
https://git.kernel.org/stable/c/ae9d577f3dbb686862b7d0dc9cc73054f0964d4d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9924c80bd484340191e586110ca22bff23a49f2e	2022-02-08
https://git.kernel.org/stable/c/617f9934bb37993b9813832516f318ba874bcb7d	2022-02-08
https://git.kernel.org/stable/c/34aeb4da20f93ac80a6291a2dbe7b9c6460e9b26	2022-02-08
https://git.kernel.org/stable/c/9892742f035f7aa7dcd2bb0750effa486db89576	2022-02-05
https://git.kernel.org/stable/c/4d3fcfe8464838b3920bc2b939d888e0b792934e	2022-02-05
https://git.kernel.org/stable/c/db6fd92316a254be2097556f01bccecf560e53ce	2022-02-05
https://git.kernel.org/stable/c/e8f73f620fee5f52653ed2da360121e4446575c5	2022-02-05
https://git.kernel.org/stable/c/5aac9108a180fc06e28d4e7fb00247ce603b72ee	2022-01-28

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48743	2024-09-03
https://bugzilla.redhat.com/show_bug.cgi?id=2293316	2024-09-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9.19 < 4.9.300 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.19 < 4.9.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 4.14.265 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.14.265"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.19.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.4.177 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.4.177"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.10.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.10.97"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.15.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.15.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.16.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.16.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.4.58 Search vendor "Linux" for product "Linux Kernel" and version "4.4.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.10.7 Search vendor "Linux" for product "Linux Kernel" and version "4.10.7"		en		Affected