Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx queues when creating an interface via netlink. This doesn't work for child PKEY interfaces because the child interface uses the parent receive channels. Although the child shares the parent's receive channels, the number of rx queues is important for the channel_stats array: the parent's rx channel index is used to access the child's channel_stats. So the array has to be at least as large as the parent's rx queue size for the counting to work correctly and to prevent out of bound accesses. This patch checks for the mentioned scenario and returns an error when trying to create the interface. The error is propagated to the user.

INFO

Published Date :

2024-08-21T06:10:14.763Z

Last Modified :

2025-05-04T08:25:25.926Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48883 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48883.

URL Resource
https://git.kernel.org/stable/c/31c70bfe58ef09fe36327ddcced9143a16e9e83d cve-icon cve-icon
https://git.kernel.org/stable/c/5844a46f09f768da866d6b0ffbf1a9073266bf24 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024082108-CVE-2022-48883-4df4@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48883 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48883 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact