ghsa-pxfr-7m9j-39vf
Vulnerability from github
Published
2025-10-22 15:31
Modified
2025-10-22 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/netiucv: Fix return type of netiucv_tx()

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to catch these at compile time, which reveals:

drivers/s390/net/netiucv.c:1854:21: error: incompatible function pointer types initializing 'netdev_tx_t ()(struct sk_buff , struct net_device )' (aka 'enum netdev_tx ()(struct sk_buff , struct net_device )') with an expression of type 'int (struct sk_buff , struct net_device )' [-Werror,-Wincompatible-function-pointer-types-strict] .ndo_start_xmit = netiucv_tx, ^~~~~~~~~~

->ndo_start_xmit() in 'struct net_device_ops' expects a return type of 'netdev_tx_t', not 'int'. Adjust the return type of netiucv_tx() to match the prototype's to resolve the warning and potential CFI failure, should s390 select ARCH_SUPPORTS_CFI_CLANG in the future.

Additionally, while in the area, remove a comment block that is no longer relevant.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50564"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T14:15:41Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/netiucv: Fix return type of netiucv_tx()\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n  drivers/s390/net/netiucv.c:1854:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n          .ndo_start_xmit         = netiucv_tx,\n                                    ^~~~~~~~~~\n\n-\u003endo_start_xmit() in \u0027struct net_device_ops\u0027 expects a return type of\n\u0027netdev_tx_t\u0027, not \u0027int\u0027. Adjust the return type of netiucv_tx() to\nmatch the prototype\u0027s to resolve the warning and potential CFI failure,\nshould s390 select ARCH_SUPPORTS_CFI_CLANG in the future.\n\nAdditionally, while in the area, remove a comment block that is no\nlonger relevant.",
  "id": "GHSA-pxfr-7m9j-39vf",
  "modified": "2025-10-22T15:31:09Z",
  "published": "2025-10-22T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50564"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ac0217ca9186c2f9af9a0113a331a42aa847894"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4bee3c75d5bf7c2b5dc0b520410eb40449e5da31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85d392710275355425df8618ccbebbc336f5acc5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88d86d18d7cf7e9137c95f9d212bb9fff8a1b4be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d034fa43af92fc46a81d882f46d9cc3e4ffdbbcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dfbf0122ea1b9b3e73fa22c8ff6bd888935c54fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7a849f740e3576e79cba403697e916f4c3a6f12"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eccc88c0efe407e579291792ad07a7dedc0f63f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f13d870fce90f01cf930bfaffecc8185ae0be21c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.