CVE-2022-48743

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: amd-xgbe: Fix skb data length underflow

There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected.

Fix this by dropping the packet if such length underflows are seen because of inconsistencies in the hardware descriptors.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfafc9555d87a19c78bcd43ed731c3a73bf0b37a9 < 9924c80bd484340191e586110ca22bff23a49f2eaffected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < 617f9934bb37993b9813832516f318ba874bcb7daffected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < 34aeb4da20f93ac80a6291a2dbe7b9c6460e9b26affected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < 9892742f035f7aa7dcd2bb0750effa486db89576affected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < 4d3fcfe8464838b3920bc2b939d888e0b792934eaffected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < db6fd92316a254be2097556f01bccecf560e53ceaffected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < e8f73f620fee5f52653ed2da360121e4446575c5affected
LinuxLinux622c36f143fc9566ba49d7cec994c2da1182d9e2 < 5aac9108a180fc06e28d4e7fb00247ce603b72eeaffected
LinuxLinuxae43f9360a21b35cf785ae9a0fdce524d7af0938affected
LinuxLinuxae9d577f3dbb686862b7d0dc9cc73054f0964d4daffected
LinuxLinux4.9.19 < 4.9.300affected
LinuxLinux4.4.58 < 4.5affected
LinuxLinux4.10.7 < 4.11affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux4.9.300 <= 4.9.*unaffected
LinuxLinux4.14.265 <= 4.14.*unaffected
LinuxLinux4.19.228 <= 4.19.*unaffected
LinuxLinux5.4.177 <= 5.4.*unaffected
LinuxLinux5.10.97 <= 5.10.*unaffected
LinuxLinux5.15.20 <= 5.15.*unaffected
LinuxLinux5.16.6 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References