Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unlink notification as for a NETDEV_UNREGISTER call. This is causing a problem though, since the netdev_notifier_info passed has a different structure depending on which event is passed. The problem manifests as a call trace from a BUG: KASAN stack-out-of-bounds error. Fix this by creating a handler specific to NETDEV_UNREGISTER that only is passed valid elements in the netdev_notifier_info struct for the NETDEV_UNREGISTER event. Also included is the removal of an unbalanced dev_put on the peer_netdev and related braces.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.14.16, < 5.15 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1Patch
- https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469Patch
- https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46Patch
- https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1Patch
- https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469Patch
- https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46Patch
FAQ
What is CVE-2022-48807?
CVE-2022-48807 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unl...
How severe is CVE-2022-48807?
CVE-2022-48807 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48807?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.