CVE-2022-48841 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 99.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +4 more

Timeline

PublishedJul 16

Description

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that updates Tx ring stats. Currently only stats and bytes are updated when ring pointer is valid, but later on ring is accessed to propagate gathered Tx stats onto VSI stats. Change the existing logic to move to next ring when ring is NULL.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDlinux/linux_kernel< 5.16.17+1

▶Debianlinux/linux_kernel< 5.17.3-1+2

▶CVEListV5linux/linuxe72bba21355dbb67512a0d666fec9f4b56dbfc2f — 2397270ec97c5e3009a58ac110a25e1869e9d6ff+2

▶debiandebian/linux< linux 5.17.3-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.162.2-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2022-48841: In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible↗2024-07-16

▶

GHSA

GHSA-7pgp-w5jc-4xjm: In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possib↗2024-07-16

▶

📋Vendor Advisories

Red Hat

kernel: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()↗2024-07-16

▶

Microsoft

ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()↗2024-07-09

▶

Debian

CVE-2022-48841: linux - In the Linux kernel, the following vulnerability has been resolved: ice: fix NU...↗2022

▶