fkie_cve-2022-48850
Vulnerability from fkie_nvd
Published
2024-07-16 13:15
Modified
2024-11-21 07:34
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net-sysfs: add check for netdevice being present to speed_show
When bringing down the netdevice or system shutdown, a panic can be
triggered while accessing the sysfs path because the device is already
removed.
[ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called
[ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called
...
[ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280
crash> bt
...
PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd"
...
#9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778
[exception RIP: dma_pool_alloc+0x1ab]
RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046
RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000
RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090
RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00
R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0
R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]
#11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]
#12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]
#13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]
#14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]
#15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]
#16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]
#17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46
#18 [ffff89240e1a3d48] speed_show at ffffffff8f277208
#19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3
#20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf
#21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596
#22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10
#23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5
#24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff
#25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f
#26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92
crash> net_device.state ffff89443b0c0000
state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER)
To prevent this scenario, we also make sure that the netdevice is present.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "22B29938-3445-45F5-868D-74D6063E6D64", versionEndExcluding: "4.9.307", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7F0FA2C5-4E50-48A6-9D72-7C133B60EF05", versionEndExcluding: "4.14.272", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F8671D74-E8CD-4E41-A93F-3E3E88125D16", versionEndExcluding: "4.19.235", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B374BFBF-C879-4A72-921F-C850CF7DFB99", versionEndExcluding: "5.4.185", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "6A4F38AC-99A2-48DF-B132-C9F785B309B8", versionEndExcluding: "5.10.106", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "15DC6588-B28F-4637-9A1E-3753B34A40CF", versionEndExcluding: "5.15.29", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "83FDEDF2-0E19-4879-91FD-171E66D1B335", versionEndExcluding: "5.16.15", versionStartIncluding: "5.16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel, the following vulnerability has been resolved:\n\nnet-sysfs: add check for netdevice being present to speed_show\n\nWhen bringing down the netdevice or system shutdown, a panic can be\ntriggered while accessing the sysfs path because the device is already\nremoved.\n\n [ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called\n [ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called\n ...\n [ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null)\n [ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280\n\n crash> bt\n ...\n PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: \"amsd\"\n ...\n #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778\n [exception RIP: dma_pool_alloc+0x1ab]\n RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046\n RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000\n RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090\n RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00\n R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0\n R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]\n #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]\n #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]\n #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]\n #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]\n #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]\n #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]\n #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46\n #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208\n #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3\n #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf\n #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596\n #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10\n #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5\n #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff\n #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f\n #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92\n\n crash> net_device.state ffff89443b0c0000\n state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER)\n\nTo prevent this scenario, we also make sure that the netdevice is present.", }, { lang: "es", value: "En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net-sysfs: agregue verificación para que netdevice esté presente en speed_show Al desactivar el netdevice o apagar el sistema, se puede desencadenar un pánico al acceder a la ruta sysfs porque el dispositivo ya está eliminado. [ 755.549084] mlx5_core 0000:12:00.1: Se llamó al apagado [ 756.404455] mlx5_core 0000:12:00.0: Se llamó al apagado... [ 757.937260] ERROR: no se puede manejar la desreferencia del puntero NULL del kernel en (nulo) [ 758.031397] IP: [] dma_pool_alloc+0x1ab/0x280 crash> bt... PID: 12649 TAREA: ffff8924108f2100 CPU: 1 COMANDO: \"amsd\"... #9 [ffff89240e1a38b0] page_fault en ffffffff8f38c778 [excepción RIP: pool_alloc+0x1ab] RIP : ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046 RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000 RDX: 00000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090 RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00 R10: ffffffffc04680d4 R11: d R12: 00000000000080d0 R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg en ffffffffc04680f3 [mlx5_core] #11 [ffff89240e1a3a18] d_exec en ffffffffc046ad62 [mlx5_core] #12 [ffff89240e1a3ab8] mlx5_cmd_exec en ffffffffc046b4fb [mlx5_core] #13 [ffff89240e1a3ae8] mlx5_core_access_reg en ffffffffc0475434 [mlx5_core] #14 [ffff89240e1a3b40] mlx5e_get_fec_caps en ffffffffc04a7348 [mlx5_core] #15 [ffff89240e1a3bb0] get_fec_supported_advertised en ffffffffc04992bf [mlx5_core] #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings en ffffffffc049ab36 [mlx5_core] #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings en ffffffff8f25db46 #18 [ ffff89240e1a3d48] speed_show en ffffffff8f277208 #19 [ffff89240e1a3dd8] dev_attr_show en ffffffff8f0b70e3 #20 [ffff89240e1a3df8] sysfs_kf_seq_show en ffffffff8eedbedf #21 40e1a3e18] kernfs_seq_show en ffffffff8eeda596 #22 [ffff89240e1a3e28] seq_read en ffffffff8ee76d10 #23 [ffff89240e1a3e98] kernfs_fop_read en ffffffff8eedaef5 #24 8] vfs_read en ffffffff8ee4e3ff #25 [ffff89240e1a3f08] sys_read en ffffffff8ee4f27f #26 [ffff89240e1a3f50] system_call_fastpath en ffffffff8f395f92 crash> net_device.state ffff89443b0c0000 estado = 0x5 LINK_STATE_START| __LINK_STATE_NOCARRIER) Para evitar este escenario, también nos aseguramos de que el netdevice esté presente.", }, ], id: "CVE-2022-48850", lastModified: "2024-11-21T07:34:12.593", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-16T13:15:12.170", references: [ { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2", }, { source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c", }, ], sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.