fkie_cve-2022-49084
Vulnerability from fkie_nvd
Published
2025-02-26 07:00
Modified
2025-02-26 07:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to reserve is NULL. Add a check in case build_skb() failed to allocate and return NULL. The NULL return is handled correctly in callers to qede_build_skb().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/034a92c6a81048128fc7b18d278d52438a13902a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4e910dbe36508654a896d5735b318c0b88172570
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8928239e5e2e460d95b8a0b89f61671625e7ece0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9648adb1b3ece55c657d3a4f52bfee663b710dfe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b2d6b3db9d1cf80908964036dbe1c52a86b1afb1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c9bdce2359b5f4986eb38d1e81865b3586cc20d2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e1fd0c42acfa22bb34d2ab6a111484f466ab8093
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqede: confirm skb is allocated before using\n\nqede_build_skb() assumes build_skb() always works and goes straight\nto skb_reserve(). However, build_skb() can fail under memory pressure.\nThis results in a kernel panic because the skb to reserve is NULL.\n\nAdd a check in case build_skb() failed to allocate and return NULL.\n\nThe NULL return is handled correctly in callers to qede_build_skb()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: qede: confirmar que skb est\u00e1 asignado antes de usar qede_build_skb() supone que build_skb() siempre funciona y pasa directamente a skb_reserve(). Sin embargo, build_skb() puede fallar bajo presi\u00f3n de memoria. Esto da como resultado un p\u00e1nico del kernel porque el skb a reservar es NULL. Agregue una verificaci\u00f3n en caso de que build_skb() no pueda asignar y devuelva NULL. El retorno NULL se maneja correctamente en los llamadores a qede_build_skb()."
    }
  ],
  "id": "CVE-2022-49084",
  "lastModified": "2025-02-26T07:00:45.737",
  "metrics": {},
  "published": "2025-02-26T07:00:45.737",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/034a92c6a81048128fc7b18d278d52438a13902a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4e910dbe36508654a896d5735b318c0b88172570"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8928239e5e2e460d95b8a0b89f61671625e7ece0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9648adb1b3ece55c657d3a4f52bfee663b710dfe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b2d6b3db9d1cf80908964036dbe1c52a86b1afb1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c9bdce2359b5f4986eb38d1e81865b3586cc20d2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e1fd0c42acfa22bb34d2ab6a111484f466ab8093"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.