Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2022-48811
HistoryJul 16, 2024 - 12:15 p.m.

CVE-2022-48811

2024-07-1612:15:05
Linux
web.nvd.nist.gov
32
linux kernel
vulnerability
ibmvnic
napi
irqs
crash
exploit
null pointer
dereference

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

16.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ibmvnic: don’t release napi in __ibmvnic_open()

If __ibmvnic_open() encounters an error such as when setting link state,
it calls release_resources() which frees the napi structures needlessly.
Instead, have __ibmvnic_open() only clean up the work it did so far (i.e.
disable napi and irqs) and leave the rest to the callers.

If caller of __ibmvnic_open() is ibmvnic_open(), it should release the
resources immediately. If the caller is do_reset() or do_hard_reset(),
they will release the resources on the next reset.

This fixes following crash that occurred when running the drmgr command
several times to add/remove a vnic interface:

[102056] ibmvnic 30000003 env3: Disabling rx_scrq[6] irq
[102056] ibmvnic 30000003 env3: Disabling rx_scrq[7] irq
[102056] ibmvnic 30000003 env3: Replenished 8 pools
Kernel attempted to read user page (10) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000010
Faulting instruction address: 0xc000000000a3c840
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
...
CPU: 9 PID: 102056 Comm: kworker/9:2 Kdump: loaded Not tainted 5.16.0-rc5-autotest-g6441998e2e37 #1
Workqueue: events_long __ibmvnic_reset [ibmvnic]
NIP:  c000000000a3c840 LR: c0080000029b5378 CTR: c000000000a3c820
REGS: c0000000548e37e0 TRAP: 0300   Not tainted  (5.16.0-rc5-autotest-g6441998e2e37)
MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 28248484  XER: 00000004
CFAR: c0080000029bdd24 DAR: 0000000000000010 DSISR: 40000000 IRQMASK: 0
GPR00: c0080000029b55d0 c0000000548e3a80 c0000000028f0200 0000000000000000
...
NIP [c000000000a3c840] napi_enable+0x20/0xc0
LR [c0080000029b5378] __ibmvnic_open+0xf0/0x430 [ibmvnic]
Call Trace:
[c0000000548e3a80] [0000000000000006] 0x6 (unreliable)
[c0000000548e3ab0] [c0080000029b55d0] __ibmvnic_open+0x348/0x430 [ibmvnic]
[c0000000548e3b40] [c0080000029bcc28] __ibmvnic_reset+0x500/0xdf0 [ibmvnic]
[c0000000548e3c60] [c000000000176228] process_one_work+0x288/0x570
[c0000000548e3d00] [c000000000176588] worker_thread+0x78/0x660
[c0000000548e3da0] [c0000000001822f0] kthread+0x1c0/0x1d0
[c0000000548e3e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
7d2948f8 792307e0 4e800020 60000000 3c4c01eb 384239e0 f821ffd1 39430010
38a0fff6 e92d1100 f9210028 39200000 <e9030010> f9010020 60420000 e9210020
---[ end trace 5f8033b08fd27706 ]---

Affected configurations

Vulners
Node
linuxlinux_kernelRange4.125.15.27
OR
linuxlinux_kernelRange5.16.05.16.10
OR
linuxlinux_kernelRange5.17.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/ibm/ibmvnic.c"
    ],
    "versions": [
      {
        "version": "ed651a10875f",
        "lessThan": "960dfaf3b578",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ed651a10875f",
        "lessThan": "e08cb9056fb2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ed651a10875f",
        "lessThan": "61772b0908c6",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/ibm/ibmvnic.c"
    ],
    "versions": [
      {
        "version": "4.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.12",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.27",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.10",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
nvd 1
cvelist 1
osv 1
debiancve 1
redhatcve 1
vulnrichment 1
nessus 7
openvas 2
ubuntucve
ubuntucve
CVE-2022-48811
2024-07-16 00:00:00
nvd
nvd
CVE-2022-48811
2024-07-16 12:15:05
cvelist
cvelist
CVE-2022-48811 ibmvnic: don't release napi in __ibmvnic_open()
2024-07-16 11:44:01
osv
osv
CVE-2022-48811
2024-07-16 12:15:00
debiancve
debiancve
CVE-2022-48811
2024-07-16 12:15:05
redhatcve
redhatcve
CVE-2022-48811
2024-07-16 22:23:46
vulnrichment
vulnrichment
CVE-2022-48811 ibmvnic: don't release napi in __ibmvnic_open()
2024-07-16 11:44:01
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2892-1)
2024-08-14 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:2940-1)
2024-08-17 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:2901-1)
2024-08-15 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2901-1)
2024-08-15 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:2947-1)
2024-08-20 00:00:00

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

16.0%

JSON
Related for CVE-2022-48811
ubuntucve1nvd1cvelist1osv1debiancve1redhatcve1vulnrichment1nessus7openvas2