CVE-2022-49182

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: add vlan list lock to protect vlan list

When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use after free" error. This patch adds a vlan list lock to protect the vlan list.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc6075b193462d9a3930fb41f587f94720658752a < 30f0ff7176efe8ac6c55f85bce26ed58bb608758affected
LinuxLinuxc6075b193462d9a3930fb41f587f94720658752a < 09e383ca97e798f9954189b741af54b5c51e7a97affected
LinuxLinuxc6075b193462d9a3930fb41f587f94720658752a < f58af41deeab0f45c9c80adf5f2de489ebbac3ddaffected
LinuxLinuxc6075b193462d9a3930fb41f587f94720658752a < 1932a624ab88ff407d1a1d567fe581faa15dc725affected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.15.33 <= 5.15.*unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References