← Retour aux CVEs

CVE-2022-48807

MEDIUM

5.5

Description

In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unlink notification as for a NETDEV_UNREGISTER call. This is causing a problem though, since the netdev_notifier_info passed has a different structure depending on which event is passed. The problem manifests as a call trace from a BUG: KASAN stack-out-of-bounds error. Fix this by creating a handler specific to NETDEV_UNREGISTER that only is passed valid elements in the netdev_notifier_info struct for the NETDEV_UNREGISTER event. Also included is the removal of an unbalanced dev_put on the peer_netdev and related braces.

Details CVE

Score CVSS v3.15.5

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie7/16/2024

Derniere modification9/25/2025

Sourcenvd

Observations honeypot0

Produits affectes

linux:linux_kernel

Faiblesses (CWE)

CWE-908

References

https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.