CVE-2022-48964

Summary

In the Linux kernel, the following vulnerability has been resolved:

ravb: Fix potential use-after-free in ravb_rx_gbeth()

The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1c59eb678cbd8d322d06d3a5514d36e8e1a4e84c < e63c681494dcc0527c625a0a4f59bf10259f5ee0affected
LinuxLinux1c59eb678cbd8d322d06d3a5514d36e8e1a4e84c < 5a5a3e564de6a8db987410c5c2f4748d50ea82b8affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux6.0.13 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References