CVE-2022-49025

net/mlx5e: Fix use-after-free when reverting termination table

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one
or afterwards fails the driver reverts usage of term tables but
doesn't reset the assignment in attr->dests[num_vport_dests].termtbl
which case a use-after-free when releasing the rule.
Fix by resetting the assignment of termtbl to null.

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null.

This update for the Linux Kernel 5.3.18-150300_59_161 fixes several issues. The following security issues were fixed. Net/mlx5e: Fix use-after-free when reverting termination table. Sync sock recv cb and release. Fixed use-after-free for aborted TMF sas_task.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-10-21 CVE Published
2025-12-22 EPSS Updated
2026-05-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/10caabdaad5ace85577a453da97d1f8d3b944427	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b	2022-12-08
https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff	2022-12-08
https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b	2022-12-08
https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904	2022-12-08
https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae	2022-11-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.4.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.4.226"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.10.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.10.158"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.15.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.15.82"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.0.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.0.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.1"		en		Affected