cve-2022-48746
Vulnerability from cvelistv5
Published
2024-06-20 11:13
Modified
2024-11-04 12:15
Severity ?
Summary
net/mlx5e: Fix handling of wrong devices during bond netevent
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:10:31.973719Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:48.098Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a01ee1b8165f",
              "status": "affected",
              "version": "7e51891a237f",
              "versionType": "git"
            },
            {
              "lessThan": "fe70126da606",
              "status": "affected",
              "version": "7e51891a237f",
              "versionType": "git"
            },
            {
              "lessThan": "4fad499d7fec",
              "status": "affected",
              "version": "7e51891a237f",
              "versionType": "git"
            },
            {
              "lessThan": "ec41332e02bd",
              "status": "affected",
              "version": "7e51891a237f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix handling of wrong devices during bond netevent\n\nCurrent implementation of bond netevent handler only check if\nthe handled netdev is VF representor and it missing a check if\nthe VF representor is on the same phys device of the bond handling\nthe netevent.\n\nFix by adding the missing check and optimizing the check if\nthe netdev is VF representor so it will not access uninitialized\nprivate data and crashes.\n\nBUG: kernel NULL pointer dereference, address: 000000000000036c\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nWorkqueue: eth3bond0 bond_mii_monitor [bonding]\nRIP: 0010:mlx5e_is_uplink_rep+0xc/0x50 [mlx5_core]\nRSP: 0018:ffff88812d69fd60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881cf800000 RCX: 0000000000000000\nRDX: ffff88812d69fe10 RSI: 000000000000001b RDI: ffff8881cf800880\nRBP: ffff8881cf800000 R08: 00000445cabccf2b R09: 0000000000000008\nR10: 0000000000000004 R11: 0000000000000008 R12: ffff88812d69fe10\nR13: 00000000fffffffe R14: ffff88820c0f9000 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff88846fb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000036c CR3: 0000000103d80006 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n mlx5e_eswitch_uplink_rep+0x31/0x40 [mlx5_core]\n mlx5e_rep_is_lag_netdev+0x94/0xc0 [mlx5_core]\n mlx5e_rep_esw_bond_netevent+0xeb/0x3d0 [mlx5_core]\n raw_notifier_call_chain+0x41/0x60\n call_netdevice_notifiers_info+0x34/0x80\n netdev_lower_state_changed+0x4e/0xa0\n bond_mii_monitor+0x56b/0x640 [bonding]\n process_one_work+0x1b9/0x390\n worker_thread+0x4d/0x3d0\n ? rescuer_thread+0x350/0x350\n kthread+0x124/0x150\n ? set_kthread_struct+0x40/0x40\n ret_from_fork+0x1f/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:15:41.298Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62"
        }
      ],
      "title": "net/mlx5e: Fix handling of wrong devices during bond netevent",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48746",
    "datePublished": "2024-06-20T11:13:29.308Z",
    "dateReserved": "2024-06-20T11:09:39.055Z",
    "dateUpdated": "2024-11-04T12:15:41.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48746\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-20T12:15:12.870\",\"lastModified\":\"2024-06-20T12:43:25.663\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5e: Fix handling of wrong devices during bond netevent\\n\\nCurrent implementation of bond netevent handler only check if\\nthe handled netdev is VF representor and it missing a check if\\nthe VF representor is on the same phys device of the bond handling\\nthe netevent.\\n\\nFix by adding the missing check and optimizing the check if\\nthe netdev is VF representor so it will not access uninitialized\\nprivate data and crashes.\\n\\nBUG: kernel NULL pointer dereference, address: 000000000000036c\\nPGD 0 P4D 0\\nOops: 0000 [#1] SMP NOPTI\\nWorkqueue: eth3bond0 bond_mii_monitor [bonding]\\nRIP: 0010:mlx5e_is_uplink_rep+0xc/0x50 [mlx5_core]\\nRSP: 0018:ffff88812d69fd60 EFLAGS: 00010282\\nRAX: 0000000000000000 RBX: ffff8881cf800000 RCX: 0000000000000000\\nRDX: ffff88812d69fe10 RSI: 000000000000001b RDI: ffff8881cf800880\\nRBP: ffff8881cf800000 R08: 00000445cabccf2b R09: 0000000000000008\\nR10: 0000000000000004 R11: 0000000000000008 R12: ffff88812d69fe10\\nR13: 00000000fffffffe R14: ffff88820c0f9000 R15: 0000000000000000\\nFS:  0000000000000000(0000) GS:ffff88846fb00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 000000000000036c CR3: 0000000103d80006 CR4: 0000000000370ea0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n mlx5e_eswitch_uplink_rep+0x31/0x40 [mlx5_core]\\n mlx5e_rep_is_lag_netdev+0x94/0xc0 [mlx5_core]\\n mlx5e_rep_esw_bond_netevent+0xeb/0x3d0 [mlx5_core]\\n raw_notifier_call_chain+0x41/0x60\\n call_netdevice_notifiers_info+0x34/0x80\\n netdev_lower_state_changed+0x4e/0xa0\\n bond_mii_monitor+0x56b/0x640 [bonding]\\n process_one_work+0x1b9/0x390\\n worker_thread+0x4d/0x3d0\\n ? rescuer_thread+0x350/0x350\\n kthread+0x124/0x150\\n ? set_kthread_struct+0x40/0x40\\n ret_from_fork+0x1f/0x30\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.