CVE-2022-48962

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hisi_femac_rx()

The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < 3501da8eb6d0f5f114a09ec953c54423f6f35885affected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < 196e12671cb629d9f3b77b4d8bec854fc445533aaffected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < aceec8ab752428d8e151321479e82cc1a40fee2eaffected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < e71a46cc8c9ad75f3bb0e4b361e81f79c0214ccaaffected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < 296a50aa8b2982117520713edc1375777a9f8506affected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < 6f4798ac9c9e98f41553c4f5e6c832c8860a6942affected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < 8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9affected
LinuxLinux542ae60af24f02e130e62cb3b7c23163a2350056 < 4640177049549de1a43e9bc49265f0cdfce08cfdaffected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux4.9.336 <= 4.9.*unaffected
LinuxLinux4.14.302 <= 4.14.*unaffected
LinuxLinux4.19.269 <= 4.19.*unaffected
LinuxLinux5.4.227 <= 5.4.*unaffected
LinuxLinux5.10.159 <= 5.10.*unaffected
LinuxLinux5.15.83 <= 5.15.*unaffected
LinuxLinux6.0.13 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References