CVE-2022-48960

net: hisilicon: Fix potential use-after-free in hix5hd2_rx()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hix5hd2_rx()

The skb is delivered to napi_gro_receive() which may free it, after
calling this, dereferencing skb may trigger use-after-free.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2024-10-21 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/57c5bc9ad7d799e9507ba6e993398d2c55f03fab	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4	2022-12-14
https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f	2022-12-14
https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a	2022-12-14
https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c	2022-12-14
https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc	2022-12-14
https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387	2022-12-14
https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262	2022-12-14
https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab	2022-12-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 4.9.336 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.9.336"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 4.14.302 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.14.302"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 4.19.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 4.19.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.4.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.4.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.10.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.10.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 5.15.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 5.15.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 6.0.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 6.0.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.16 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 6.1"		en		Affected