← Back to CVEs

CVE-2022-48807

MEDIUM

5.5

Description

In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unlink notification as for a NETDEV_UNREGISTER call. This is causing a problem though, since the netdev_notifier_info passed has a different structure depending on which event is passed. The problem manifests as a call trace from a BUG: KASAN stack-out-of-bounds error. Fix this by creating a handler specific to NETDEV_UNREGISTER that only is passed valid elements in the netdev_notifier_info struct for the NETDEV_UNREGISTER event. Also included is the removal of an unbalanced dev_put on the peer_netdev and related braces.

CVE Details

CVSS v3.1 Score5.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published7/16/2024

Last Modified9/25/2025

Sourcenvd

Honeypot Sightings0

Affected Products

linux:linux_kernel

Weaknesses (CWE)

CWE-908

References

https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.