CVE-2022-48841

Summary

In the Linux kernel, the following vulnerability has been resolved:

ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()

It is possible to do NULL pointer dereference in routine that updates Tx ring stats. Currently only stats and bytes are updated when ring pointer is valid, but later on ring is accessed to propagate gathered Tx stats onto VSI stats.

Change the existing logic to move to next ring when ring is NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe72bba21355dbb67512a0d666fec9f4b56dbfc2f < 2397270ec97c5e3009a58ac110a25e1869e9d6ffaffected
LinuxLinuxe72bba21355dbb67512a0d666fec9f4b56dbfc2f < f153546913bada41a811722f2c6d17c3243a0333affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.16.17 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References