CVE-2022-49084

qede: confirm skb is allocated before using

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight
to skb_reserve(). However, build_skb() can fail under memory pressure.
This results in a kernel panic because the skb to reserve is NULL. Add a check in case build_skb() failed to allocate and return NULL. The NULL return is handled correctly in callers to qede_build_skb().

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/8a8633978b842c88fbcfe00d4e5dde96048f630e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9648adb1b3ece55c657d3a4f52bfee663b710dfe	2022-04-15
https://git.kernel.org/stable/c/034a92c6a81048128fc7b18d278d52438a13902a	2022-04-15
https://git.kernel.org/stable/c/8928239e5e2e460d95b8a0b89f61671625e7ece0	2022-04-13
https://git.kernel.org/stable/c/c9bdce2359b5f4986eb38d1e81865b3586cc20d2	2022-04-13
https://git.kernel.org/stable/c/b2d6b3db9d1cf80908964036dbe1c52a86b1afb1	2022-04-13
https://git.kernel.org/stable/c/e1fd0c42acfa22bb34d2ab6a111484f466ab8093	2022-04-13
https://git.kernel.org/stable/c/4e910dbe36508654a896d5735b318c0b88172570	2022-04-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 4.19.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 4.19.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.4.189 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.4.189"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.111 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.111"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.16.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.16.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.17.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.17.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.18"		en		Affected