Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.0, < 4.14.303 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0ePatch
- https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3dPatch
- https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4Patch
- https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29Patch
- https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1Patch
- https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8Patch
- https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177aPatch
- https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4Patch
FAQ
What is CVE-2022-48949?
CVE-2022-48949 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the...
How severe is CVE-2022-48949?
CVE-2022-48949 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48949?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.