OpenCVE

In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrong because we can only be here if tx_queue is NULL, so we shouldn't dereference it. As the above comment in the code says, this is very unlikely to happen, but it's wrong anyway so let's fix it. I hit this issue because of a different bug that caused tx_queue to be NULL. If that happens, this is the error message that we get here: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3
https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998
https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7
https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03
https://lore.kernel.org/linux-cve-announce/2024042857-CVE-2022-48648-eaf8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48648
https://www.cve.org/CVERecord?id=CVE-2022-48648

History

Thu, 21 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T13:00:28.994Z

Updated: 2024-11-21T21:24:43.643Z

Reserved: 2024-02-25T13:44:28.316Z

Link: CVE-2022-48648

Vulnrichment

Updated: 2024-08-03T15:17:55.597Z

NVD

Status : Awaiting Analysis

Published: 2024-04-28T13:15:07.290

Modified: 2024-11-21T07:33:41.353

Link: CVE-2022-48648

Redhat

Severity : Moderate

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2022-48648 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48648", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:44:28.316Z", "datePublished": "2024-04-28T13:00:28.994Z", "dateUpdated": "2024-11-21T21:24:43.643Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:13:56.493Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix null pointer dereference in efx_hard_start_xmit\n\nTrying to get the channel from the tx_queue variable here is wrong\nbecause we can only be here if tx_queue is NULL, so we shouldn't\ndereference it. As the above comment in the code says, this is very\nunlikely to happen, but it's wrong anyway so let's fix it.\n\nI hit this issue because of a different bug that caused tx_queue to be\nNULL. If that happens, this is the error message that we get here:\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/sfc/tx.c"], "versions": [{"version": "12804793b17c", "lessThan": "b3b41d4d95d3", "status": "affected", "versionType": "git"}, {"version": "12804793b17c", "lessThan": "8547c7bfc061", "status": "affected", "versionType": "git"}, {"version": "12804793b17c", "lessThan": "b3b952168ee1", "status": "affected", "versionType": "git"}, {"version": "12804793b17c", "lessThan": "0a242eb2913a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/sfc/tx.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.146", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.71", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.12", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7"}, {"url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998"}, {"url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03"}, {"url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3"}], "title": "sfc: fix null pointer dereference in efx_hard_start_xmit", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:40:59.005173Z", "id": "CVE-2022-48648", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T21:24:43.643Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.597Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.597Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48648", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:40:59.005173Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:41:00.344Z"}}], "cna": {"title": "sfc: fix null pointer dereference in efx_hard_start_xmit", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "12804793b17c", "lessThan": "b3b41d4d95d3", "versionType": "git"}, {"status": "affected", "version": "12804793b17c", "lessThan": "8547c7bfc061", "versionType": "git"}, {"status": "affected", "version": "12804793b17c", "lessThan": "b3b952168ee1", "versionType": "git"}, {"status": "affected", "version": "12804793b17c", "lessThan": "0a242eb2913a", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/sfc/tx.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.146", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.71", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.19.12", "versionType": "semver", "lessThanOrEqual": "5.19.*"}, {"status": "unaffected", "version": "6.0", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/sfc/tx.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7"}, {"url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998"}, {"url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03"}, {"url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix null pointer dereference in efx_hard_start_xmit\n\nTrying to get the channel from the tx_queue variable here is wrong\nbecause we can only be here if tx_queue is NULL, so we shouldn't\ndereference it. As the above comment in the code says, this is very\nunlikely to happen, but it's wrong anyway so let's fix it.\n\nI hit this issue because of a different bug that caused tx_queue to be\nNULL. If that happens, this is the error message that we get here:\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:13:56.493Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48648", "state": "PUBLISHED", "dateUpdated": "2024-11-21T21:24:43.643Z", "dateReserved": "2024-02-25T13:44:28.316Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-28T13:00:28.994Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix null pointer dereference in efx_hard_start_xmit\n\nTrying to get the channel from the tx_queue variable here is wrong\nbecause we can only be here if tx_queue is NULL, so we shouldn't\ndereference it. As the above comment in the code says, this is very\nunlikely to happen, but it's wrong anyway so let's fix it.\n\nI hit this issue because of a different bug that caused tx_queue to be\nNULL. If that happens, this is the error message that we get here:\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc: corrige la desreferencia del puntero nulo en efx_hard_start_xmit Intentar obtener el canal de la variable tx_queue aqu\u00ed es incorrecto porque solo podemos estar aqu\u00ed si tx_queue es NULL, por lo que no debemos desreferenciarlo. Como dice el comentario anterior en el c\u00f3digo, es muy poco probable que esto suceda, pero de todos modos est\u00e1 mal, as\u00ed que solucion\u00e9moslo. Encontr\u00e9 este problema debido a un error diferente que provoc\u00f3 que tx_queue fuera NULL. Si eso sucede, este es el mensaje de error que recibimos aqu\u00ed: ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]"}], "id": "CVE-2022-48648", "lastModified": "2024-11-21T07:33:41.353", "metrics": {}, "published": "2024-04-28T13:15:07.290", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: sfc: fix null pointer dereference in efx_hard_start_xmit", "id": "2277814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277814"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsfc: fix null pointer dereference in efx_hard_start_xmit\nTrying to get the channel from the tx_queue variable here is wrong\nbecause we can only be here if tx_queue is NULL, so we shouldn't\ndereference it. As the above comment in the code says, this is very\nunlikely to happen, but it's wrong anyway so let's fix it.\nI hit this issue because of a different bug that caused tx_queue to be\nNULL. If that happens, this is the error message that we get here:\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n[...]\nRIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]", "A potential NULL pointer dereference was found in efx_hard_start_xmit in the Linux kernel. This issue may lead to a crash."], "name": "CVE-2022-48648", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48648\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48648\nhttps://lore.kernel.org/linux-cve-announce/2024042857-CVE-2022-48648-eaf8@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.146, kernel 5.15.71, kernel 5.19.12, kernel 6.0"}