CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.3<5.4.226 | |
| Linux Kernel | >=5.5<5.10.158 | |
| Linux Kernel | >=5.11<5.15.82 | |
| Linux Kernel | >=5.16<6.0.12 | |
| Linux Kernel | =6.1-rc1 | |
| Linux Kernel | =6.1-rc2 | |
| Linux Kernel | =6.1-rc3 | |
| Linux Kernel | =6.1-rc4 | |
| Linux Kernel | =6.1-rc5 | |
| Linux Kernel | =6.1-rc6 | |
| Linux Kernel | =6.1-rc7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b
- https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff
- https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b
- https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904
- https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae
Frequently Asked Questions
What is the severity of CVE-2022-49025?
CVE-2022-49025 has a severity rating that warrants immediate attention due to potential exploitation risks.
How do I fix CVE-2022-49025?
To fix CVE-2022-49025, update your Linux kernel to a vulnerable version that addresses the use-after-free issue.
What versions of the Linux kernel are affected by CVE-2022-49025?
CVE-2022-49025 affects multiple versions of the Linux kernel between 5.3 and 6.1-rc7.
What types of systems might be impacted by CVE-2022-49025?
CVE-2022-49025 could impact any system running an affected version of the Linux kernel, particularly those using the mlx5e driver.
Is there any additional information on CVE-2022-49025?
Additional details on CVE-2022-49025 can be found in the official Linux kernel git repository.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.3
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.1-rc1
- version/linux kernel/6.1-rc2
- version/linux kernel/6.1-rc3
- version/linux kernel/6.1-rc4
- version/linux kernel/6.1-rc5
- version/linux kernel/6.1-rc6
- version/linux kernel/6.1-rc7