CVE-2022-48720 net: macsec: Fix offload support for NETDEV_UNREGISTER event

2024-06-2011:13:12

Linux

github.com

linux kernel

macsec

vulnerability

offload support

netdev_unregister event

resources leak

underlay driver.

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: macsec: Fix offload support for NETDEV_UNREGISTER event

Current macsec netdev notify handler handles NETDEV_UNREGISTER event by
releasing relevant SW resources only, this causes resources leak in case
of macsec HW offload, as the underlay driver was not notified to clean
it’s macsec offload resources.

Fix by calling the underlay driver to clean it’s relevant resources
by moving offload handling from macsec_dellink() to macsec_common_dellink()
when handling NETDEV_UNREGISTER event.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "3cf3227a21d1",
        "lessThan": "2e7f5b6ee1a7",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "3cf3227a21d1",
        "lessThan": "e7a0b3a0806d",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "3cf3227a21d1",
        "lessThan": "8299be160aad",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "3cf3227a21d1",
        "lessThan": "9cef24c8b76c",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "drivers/net/macsec.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.6"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.6",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.10.99",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.15.22",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "5.16.8",
        "versionType": "custom",
        "lessThanOrEqual": "5.16.*"
      },
      {
        "status": "unaffected",
        "version": "5.17",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "drivers/net/macsec.c"
    ],
    "defaultStatus": "affected"
  }
]