Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2022-48864

HistoryJul 16, 2024 - 1:15 p.m.

CVE-2022-48864

2024-07-1613:15:13

CWE-908

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

virtio_net_ctrl_mq_vq_pairs_set command

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command

When control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command
request from the driver, presently there is no validation against the
number of queue pairs to configure, or even if multiqueue had been
negotiated or not is unverified. This may lead to kernel panic due to
uninitialized resource for the queues were there any bogus request
sent down by untrusted driver. Tie up the loose ends there.

Affected configurations

Nvd

Node

linuxlinux_kernelRange5.15–5.15.29

linuxlinux_kernelRange5.16–5.16.15

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230

git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e

git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-48864