CVE-2022-48949 (GCVE-0-2022-48949)

Vulnerability from cvelistv5 – Published: 2024-10-21 20:05 – Updated: 2025-05-04 08:26
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < a6629659af3f5c6a91e3914ea62554c975ab77f4 (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < ef1d739dd1f362aec081278ff92f943c31eb177a (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < c581439a977545d61849a72e8ed631cfc8a2a3c1 (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < f2479c3daaabccbac6c343a737615d0c595c6dc4 (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < 367e1e3399dbc56fc669740c4ab60e35da632b0e (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < 51fd5ede7ed42f272682a0c33d6f0767b3484a3d (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < c383c7c35c7bc15e07a04eefa060a8a80cbeae29 (git)
Affected: 6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 , < de5dc44370fbd6b46bd7f1a1e00369be54a041c8 (git)
Create a notification for this product.
    Linux Linux Affected: 4.0
Unaffected: 0 , < 4.0 (semver)
Unaffected: 4.14.303 , ≤ 4.14.* (semver)
Unaffected: 4.19.270 , ≤ 4.19.* (semver)
Unaffected: 5.4.229 , ≤ 5.4.* (semver)
Unaffected: 5.10.161 , ≤ 5.10.* (semver)
Unaffected: 5.15.85 , ≤ 5.15.* (semver)
Unaffected: 6.0.15 , ≤ 6.0.* (semver)
Unaffected: 6.1.1 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:21:53.220754Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:28:40.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a6629659af3f5c6a91e3914ea62554c975ab77f4",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "ef1d739dd1f362aec081278ff92f943c31eb177a",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "c581439a977545d61849a72e8ed631cfc8a2a3c1",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "f2479c3daaabccbac6c343a737615d0c595c6dc4",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "367e1e3399dbc56fc669740c4ab60e35da632b0e",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "51fd5ede7ed42f272682a0c33d6f0767b3484a3d",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "c383c7c35c7bc15e07a04eefa060a8a80cbeae29",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            },
            {
              "lessThan": "de5dc44370fbd6b46bd7f1a1e00369be54a041c8",
              "status": "affected",
              "version": "6ddbc4cf1f4d5a3a58b4223c80881f299dae3774",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "lessThan": "4.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.161",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.85",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.15",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.1",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Initialize mailbox message for VF reset\n\nWhen a MAC address is not assigned to the VF, that portion of the message\nsent to the VF is not set. The memory, however, is allocated from the\nstack meaning that information may be leaked to the VM. Initialize the\nmessage buffer to 0 so that no information is passed to the VM in this\ncase."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:26:44.707Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29"
        },
        {
          "url": "https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8"
        }
      ],
      "title": "igb: Initialize mailbox message for VF reset",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48949",
    "datePublished": "2024-10-21T20:05:37.782Z",
    "dateReserved": "2024-08-22T01:27:53.625Z",
    "dateUpdated": "2025-05-04T08:26:44.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.14.303\", \"matchCriteriaId\": \"F1238C2D-F818-46F1-9B91-5BC55D9D2FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.15\", \"versionEndExcluding\": \"4.19.270\", \"matchCriteriaId\": \"AE8904A3-99BE-4E49-9682-1F90A6373F4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.229\", \"matchCriteriaId\": \"A0C0D95E-414A-445E-941B-3EF6A4D3A093\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.161\", \"matchCriteriaId\": \"6CD83369-DB79-46EF-B731-E327A63A4E1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.85\", \"matchCriteriaId\": \"E0D49B1E-E996-4A13-9C5C-23C64BBD0E0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.0.15\", \"matchCriteriaId\": \"3E66ABBB-C60E-481F-88C6-ED81661DFC31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB047947-8B25-46FD-8AEA-A916F4A3DC71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F0B248-42CF-4AE6-A469-BB1BAE7F4705\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2422816-0C14-4B5E-A1E6-A9D776E5C49B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"35B26BE4-43A6-4A36-A7F6-5B3F572D9186\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FFFB0B3-930D-408A-91E2-BAE0C2715D80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*\", \"matchCriteriaId\": \"8535320E-A0DB-4277-800E-D0CE5BBA59E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*\", \"matchCriteriaId\": \"21718AA4-4056-40F2-968E-BDAA465A7872\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DFB454D-4F85-4BE2-8CC9-70245EAE4D31\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nigb: Initialize mailbox message for VF reset\\n\\nWhen a MAC address is not assigned to the VF, that portion of the message\\nsent to the VF is not set. The memory, however, is allocated from the\\nstack meaning that information may be leaked to the VM. Initialize the\\nmessage buffer to 0 so that no information is passed to the VM in this\\ncase.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: inicializar mensaje de buz\\u00f3n para restablecer VF Cuando no se asigna una direcci\\u00f3n MAC a la VF, esa parte del mensaje enviado a la VF no se configura. Sin embargo, la memoria se asigna desde la pila, lo que significa que la informaci\\u00f3n puede filtrarse a la VM. Inicialice el b\\u00fafer de mensajes a 0 para que no se pase informaci\\u00f3n a la VM en este caso.\"}]",
      "id": "CVE-2022-48949",
      "lastModified": "2024-10-29T16:32:41.797",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-10-21T20:15:06.337",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48949\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T20:15:06.337\",\"lastModified\":\"2024-10-29T16:32:41.797\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nigb: Initialize mailbox message for VF reset\\n\\nWhen a MAC address is not assigned to the VF, that portion of the message\\nsent to the VF is not set. The memory, however, is allocated from the\\nstack meaning that information may be leaked to the VM. Initialize the\\nmessage buffer to 0 so that no information is passed to the VM in this\\ncase.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igb: inicializar mensaje de buz\u00f3n para restablecer VF Cuando no se asigna una direcci\u00f3n MAC a la VF, esa parte del mensaje enviado a la VF no se configura. Sin embargo, la memoria se asigna desde la pila, lo que significa que la informaci\u00f3n puede filtrarse a la VM. Inicialice el b\u00fafer de mensajes a 0 para que no se pase informaci\u00f3n a la VM en este caso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.14.303\",\"matchCriteriaId\":\"F1238C2D-F818-46F1-9B91-5BC55D9D2FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.270\",\"matchCriteriaId\":\"AE8904A3-99BE-4E49-9682-1F90A6373F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.229\",\"matchCriteriaId\":\"A0C0D95E-414A-445E-941B-3EF6A4D3A093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.161\",\"matchCriteriaId\":\"6CD83369-DB79-46EF-B731-E327A63A4E1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.85\",\"matchCriteriaId\":\"E0D49B1E-E996-4A13-9C5C-23C64BBD0E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.0.15\",\"matchCriteriaId\":\"3E66ABBB-C60E-481F-88C6-ED81661DFC31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB047947-8B25-46FD-8AEA-A916F4A3DC71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F0B248-42CF-4AE6-A469-BB1BAE7F4705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2422816-0C14-4B5E-A1E6-A9D776E5C49B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B26BE4-43A6-4A36-A7F6-5B3F572D9186\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFFB0B3-930D-408A-91E2-BAE0C2715D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"8535320E-A0DB-4277-800E-D0CE5BBA59E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"21718AA4-4056-40F2-968E-BDAA465A7872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DFB454D-4F85-4BE2-8CC9-70245EAE4D31\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48949\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T13:21:53.220754Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T13:21:56.291Z\"}}], \"cna\": {\"title\": \"igb: Initialize mailbox message for VF reset\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"a6629659af3f5c6a91e3914ea62554c975ab77f4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"ef1d739dd1f362aec081278ff92f943c31eb177a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"c581439a977545d61849a72e8ed631cfc8a2a3c1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"f2479c3daaabccbac6c343a737615d0c595c6dc4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"367e1e3399dbc56fc669740c4ab60e35da632b0e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"51fd5ede7ed42f272682a0c33d6f0767b3484a3d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"c383c7c35c7bc15e07a04eefa060a8a80cbeae29\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6ddbc4cf1f4d5a3a58b4223c80881f299dae3774\", \"lessThan\": \"de5dc44370fbd6b46bd7f1a1e00369be54a041c8\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/intel/igb/igb_main.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.14.303\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.270\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.229\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.161\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.85\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.0.15\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.2\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/intel/igb/igb_main.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4\"}, {\"url\": \"https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a\"}, {\"url\": \"https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1\"}, {\"url\": \"https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4\"}, {\"url\": \"https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e\"}, {\"url\": \"https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d\"}, {\"url\": \"https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29\"}, {\"url\": \"https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nigb: Initialize mailbox message for VF reset\\n\\nWhen a MAC address is not assigned to the VF, that portion of the message\\nsent to the VF is not set. The memory, however, is allocated from the\\nstack meaning that information may be leaked to the VM. Initialize the\\nmessage buffer to 0 so that no information is passed to the VM in this\\ncase.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.303\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.270\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.229\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.161\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.85\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0.15\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.1\", \"versionStartIncluding\": \"4.0\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.2\", \"versionStartIncluding\": \"4.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T08:26:44.707Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-48949\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T08:26:44.707Z\", \"dateReserved\": \"2024-08-22T01:27:53.625Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-21T20:05:37.782Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.