CVE-2022-49019

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: nixge: fix NULL dereference

In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init().

Move for() loop with priv->rx_bd_v dereference under the check for its validity.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux492caffa8a1a405f661c111acabfe6b8b9645db8 < 910c0264b64ef2dad8887714a7c56c93e39a0ed3affected
LinuxLinux492caffa8a1a405f661c111acabfe6b8b9645db8 < 45752af0247589e6d3dede577415bfe117b4392caffected
LinuxLinux492caffa8a1a405f661c111acabfe6b8b9645db8 < 9c584d6d9cfb935dce8fc81a4c26debac0a3049baffected
LinuxLinux492caffa8a1a405f661c111acabfe6b8b9645db8 < 80e82f7b440b65cf131dce10f487dc73a7046e6baffected
LinuxLinux492caffa8a1a405f661c111acabfe6b8b9645db8 < 9256db4e45e8b497b0e993cc3ed4ad08eb2389b6affected
LinuxLinux4.17affected
LinuxLinux0 < 4.17unaffected
LinuxLinux5.4.226 <= 5.4.*unaffected
LinuxLinux5.10.158 <= 5.10.*unaffected
LinuxLinux5.15.82 <= 5.15.*unaffected
LinuxLinux6.0.12 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References