cve-2022-48883
Vulnerability from cvelistv5
Published
2024-08-21 06:10
Modified
2024-12-19 08:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx queues when creating an interface via netlink. This doesn't work for child PKEY interfaces because the child interface uses the parent receive channels. Although the child shares the parent's receive channels, the number of rx queues is important for the channel_stats array: the parent's rx channel index is used to access the child's channel_stats. So the array has to be at least as large as the parent's rx queue size for the counting to work correctly and to prevent out of bound accesses. This patch checks for the mentioned scenario and returns an error when trying to create the interface. The error is propagated to the user.
Impacted products
Vendor Product Version
Linux Linux Version: 5.17
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:04:49.165689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:32:52.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib_vlan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5844a46f09f768da866d6b0ffbf1a9073266bf24",
              "status": "affected",
              "version": "be98737a4faa3a0dc1781ced5bbf5c47865e29d7",
              "versionType": "git"
            },
            {
              "lessThan": "31c70bfe58ef09fe36327ddcced9143a16e9e83d",
              "status": "affected",
              "version": "be98737a4faa3a0dc1781ced5bbf5c47865e29d7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib_vlan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent\n\nA user is able to configure an arbitrary number of rx queues when\ncreating an interface via netlink. This doesn\u0027t work for child PKEY\ninterfaces because the child interface uses the parent receive channels.\n\nAlthough the child shares the parent\u0027s receive channels, the number of\nrx queues is important for the channel_stats array: the parent\u0027s rx\nchannel index is used to access the child\u0027s channel_stats. So the array\nhas to be at least as large as the parent\u0027s rx queue size for the\ncounting to work correctly and to prevent out of bound accesses.\n\nThis patch checks for the mentioned scenario and returns an error when\ntrying to create the interface. The error is propagated to the user."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:09:48.337Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5844a46f09f768da866d6b0ffbf1a9073266bf24"
        },
        {
          "url": "https://git.kernel.org/stable/c/31c70bfe58ef09fe36327ddcced9143a16e9e83d"
        }
      ],
      "title": "net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48883",
    "datePublished": "2024-08-21T06:10:14.763Z",
    "dateReserved": "2024-07-16T11:38:08.924Z",
    "dateUpdated": "2024-12-19T08:09:48.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48883\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-21T07:15:04.933\",\"lastModified\":\"2024-08-21T12:30:33.697\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent\\n\\nA user is able to configure an arbitrary number of rx queues when\\ncreating an interface via netlink. This doesn\u0027t work for child PKEY\\ninterfaces because the child interface uses the parent receive channels.\\n\\nAlthough the child shares the parent\u0027s receive channels, the number of\\nrx queues is important for the channel_stats array: the parent\u0027s rx\\nchannel index is used to access the child\u0027s channel_stats. So the array\\nhas to be at least as large as the parent\u0027s rx queue size for the\\ncounting to work correctly and to prevent out of bound accesses.\\n\\nThis patch checks for the mentioned scenario and returns an error when\\ntrying to create the interface. The error is propagated to the user.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: IPoIB, bloquea interfaces PKEY con menos colas de recepci\u00f3n que las principales. Un usuario puede configurar un n\u00famero arbitrario de colas de recepci\u00f3n al crear una interfaz a trav\u00e9s de netlink. Esto no funciona para interfaces PKEY secundarias porque la interfaz secundaria utiliza los canales de recepci\u00f3n principales. Aunque el ni\u00f1o comparte los canales de recepci\u00f3n de los padres, la cantidad de colas de recepci\u00f3n es importante para la matriz channel_stats: el \u00edndice del canal de recepci\u00f3n de los padres se usa para acceder a los channel_stats del ni\u00f1o. Por lo tanto, la matriz debe ser al menos tan grande como el tama\u00f1o de la cola de recepci\u00f3n principal para que el recuento funcione correctamente y evitar accesos fuera de los l\u00edmites. Este parche comprueba el escenario mencionado y devuelve un error al intentar crear la interfaz. El error se propaga al usuario.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/31c70bfe58ef09fe36327ddcced9143a16e9e83d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5844a46f09f768da866d6b0ffbf1a9073266bf24\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.