CVE-2022-48966

net: mvneta: Prevent out of bounds read in mvneta_config_rss()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

net: mvneta: Prevent out of bounds read in mvneta_config_rss()

The pp->indir[0] value comes from the user. It is passed to:

if (cpu_online(pp->rxq_def))

inside the mvneta_percpu_elect() function. It needs bounds checkeding
to ensure that it is not beyond the end of the cpu bitmap.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2024-10-26 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/cad5d847a093077b499a8b0bbfe6804b9226c03e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b	2022-12-14
https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c	2022-12-14
https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b	2022-12-14
https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50	2022-12-14
https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae	2022-12-14
https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471	2022-12-14
https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8	2022-12-14
https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7	2022-12-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 4.9.336 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.336"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 4.14.302 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.14.302"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 4.19.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.19.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 5.4.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 5.4.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 5.10.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 5.10.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 5.15.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 5.15.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 6.0.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 6.0.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 6.1"		en		Affected