CVE-2022-48960

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hix5hd2_rx()

The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < 179499e7a240b2ef590f05eb379c810c26bbc8a4affected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < 8067cd244cea2c332f8326842fd10158fa2cb64faffected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < 3a4eddd1cb023a71df4152fcc76092953e6fe95aaffected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < 1b6360a093ab8969c91a30bb58b753282e2ced4caffected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < 93aaa4bb72e388f6a4887541fd3d18b84f1b5ddcaffected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < b8ce0e6f9f88a6bb49d291498377e61ea27a5387affected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < b6307f7a2fc1c5407b6176f2af34a95214a8c262affected
LinuxLinux57c5bc9ad7d799e9507ba6e993398d2c55f03fab < 433c07a13f59856e4585e89e86b7d4cc59348fabaffected
LinuxLinux3.16affected
LinuxLinux0 < 3.16unaffected
LinuxLinux4.9.336 <= 4.9.*unaffected
LinuxLinux4.14.302 <= 4.14.*unaffected
LinuxLinux4.19.269 <= 4.19.*unaffected
LinuxLinux5.4.227 <= 5.4.*unaffected
LinuxLinux5.10.159 <= 5.10.*unaffected
LinuxLinux5.15.83 <= 5.15.*unaffected
LinuxLinux6.0.13 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References