In the Linux kernel, the following vulnerability has been resolved:
ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
Currently, the same handler is called for both a NETDEV_BONDING_INFO
LAG unlink notification as for a NETDEV_UNREGISTER call. This is
causing a problem though, since the netdev_notifier_info passed has
a different structure depending on which event is passed. The problem
manifests as a call trace from a BUG: KASAN stack-out-of-bounds error.
Fix this by creating a handler specific to NETDEV_UNREGISTER that only
is passed valid elements in the netdev_notifier_info struct for the
NETDEV_UNREGISTER event.
Also included is the removal of an unbalanced dev_put on the peer_netdev
and related braces.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux-intel-iotg-5.15 | < any | UNKNOWN |
git.kernel.org/linus/bea1898f65b9b7096cb4e73e97c83b94718f1fa1 (5.17-rc4)
git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1
git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469
git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46
launchpad.net/bugs/cve/CVE-2022-48807
nvd.nist.gov/vuln/detail/CVE-2022-48807
security-tracker.debian.org/tracker/CVE-2022-48807
www.cve.org/CVERecord?id=CVE-2022-48807