Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for() loop with priv->rx_bd_v dereference under the check for its validity. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.17, < 5.4.226 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/45752af0247589e6d3dede577415bfe117b4392cPatch
- https://git.kernel.org/stable/c/80e82f7b440b65cf131dce10f487dc73a7046e6bPatch
- https://git.kernel.org/stable/c/910c0264b64ef2dad8887714a7c56c93e39a0ed3Patch
- https://git.kernel.org/stable/c/9256db4e45e8b497b0e993cc3ed4ad08eb2389b6Patch
- https://git.kernel.org/stable/c/9c584d6d9cfb935dce8fc81a4c26debac0a3049bPatch
FAQ
What is CVE-2022-49019?
CVE-2022-49019 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is poss...
How severe is CVE-2022-49019?
CVE-2022-49019 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49019?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.