CVE-2022-48962

net: hisilicon: Fix potential use-after-free in hisi_femac_rx()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hisi_femac_rx()

The skb is delivered to napi_gro_receive() which may free it, after
calling this, dereferencing skb may trigger use-after-free.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2024-10-25 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/542ae60af24f02e130e62cb3b7c23163a2350056	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885	2022-12-14
https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a	2022-12-14
https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e	2022-12-14
https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca	2022-12-14
https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506	2022-12-14
https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942	2022-12-14
https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9	2022-12-14
https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd	2022-12-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.9.336 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.9.336"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.14.302 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.14.302"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.19.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.19.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.0.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.0.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.1"		en		Affected