CVE-2022-48864
vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command
When control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command
request from the driver, presently there is no validation against the
number of queue pairs to configure, or even if multiqueue had been
negotiated or not is unverified. This may lead to kernel panic due to
uninitialized resource for the queues were there any bogus request
sent down by untrusted driver. Tie up the loose ends there.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa/mlx5: agregar validación para el comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET Cuando control vq recibe una solicitud de comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET del controlador, actualmente no hay validación contra el número de pares de colas para configurar, o incluso si La multicola se había negociado o no no está verificada. Esto puede provocar pánico en el kernel debido a recursos no inicializados para las colas si hubo alguna solicitud falsa enviada por un controlador que no es de confianza. Ata los cabos sueltos allí.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-16 CVE Reserved
- 2024-07-16 CVE Published
- 2024-07-24 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-908: Use of Uninitialized Resource
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/52893733f2c5886fc74be6c386d12b59a3f581df | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.15.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.29" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.16.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.17" | en |
Affected
|