CVE-2022-48807

Summary

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler

Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unlink notification as for a NETDEV_UNREGISTER call. This is causing a problem though, since the netdev_notifier_info passed has a different structure depending on which event is passed. The problem manifests as a call trace from a BUG: KASAN stack-out-of-bounds error.

Fix this by creating a handler specific to NETDEV_UNREGISTER that only is passed valid elements in the netdev_notifier_info struct for the NETDEV_UNREGISTER event.

Also included is the removal of an unbalanced dev_put on the peer_netdev and related braces.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6a8b357278f5f8b9817147277ab8f12879dce8a8 < f9daedc3ab8f673e3a9374b91a89fbf1174df469affected
LinuxLinux6a8b357278f5f8b9817147277ab8f12879dce8a8 < faa9bcf700ca1a0d09f92502a6b65d3ce313fb46affected
LinuxLinux6a8b357278f5f8b9817147277ab8f12879dce8a8 < bea1898f65b9b7096cb4e73e97c83b94718f1fa1affected
LinuxLinuxe83b3cce4722b880c277d44b13eebf2548cb2ebbaffected
LinuxLinux5.14.16 < 5.15affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.24 <= 5.15.*unaffected
LinuxLinux5.16.10 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References