csaf_suse - suse-su-2025:4004-1

suse-su-2025:4004-1

Vulnerability from csaf_suse

Published

2025-11-09 07:03

Modified

2025-11-09 07:03

Summary

Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)

Description of the patch

This update for the Linux Kernel 5.3.18-150300_59_218 fixes several issues. The following security issues were fixed: - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249841). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).

Patchnames

SUSE-2025-4004,SUSE-SLE-Module-Live-Patching-15-SP3-2025-4004

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.3.18-150300_59_218 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249841).\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).\n- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-4004,SUSE-SLE-Module-Live-Patching-15-SP3-2025-4004",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4004-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:4004-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254004-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:4004-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023184.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1248631",
        "url": "https://bugzilla.suse.com/1248631"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249841",
        "url": "https://bugzilla.suse.com/1249841"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249847",
        "url": "https://bugzilla.suse.com/1249847"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-50248 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-50248/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-50252 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-50252/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38664 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38664/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 61 for SLE 15 SP3)",
    "tracking": {
      "current_release_date": "2025-11-09T07:03:51Z",
      "generator": {
        "date": "2025-11-09T07:03:51Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:4004-1",
      "initial_release_date": "2025-11-09T07:03:51Z",
      "revision_history": [
        {
          "date": "2025-11-09T07:03:51Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_218-preempt-2-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_218-preempt-2-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_218-preempt-2-150300.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50248",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-50248"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix double free on tx path.\n\nWe see kernel crashes and lockups and KASAN errors related to ax210\nfirmware crashes.  One of the KASAN dumps pointed at the tx path,\nand it appears there is indeed a way to double-free an skb.\n\nIf iwl_mvm_tx_skb_sta returns non-zero, then the \u0027skb\u0027 sent into the\nmethod will be freed.  But, in case where we build TSO skb buffer,\nthe skb may also be freed in error case.  So, return 0 in that particular\nerror case and do cleanup manually.\n\nBUG: KASAN: use-after-free in __list_del_entry_valid+0x12/0x90\niwlwifi 0000:06:00.0: 0x00000000 | tsf hi\nRead of size 8 at addr ffff88813cfa4ba0 by task btserver/9650\n\nCPU: 4 PID: 9650 Comm: btserver Tainted: G        W         5.19.8+ #5\niwlwifi 0000:06:00.0: 0x00000000 | time gp1\nHardware name: Default string Default string/SKYBAY, BIOS 5.12 02/19/2019\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x6d\n print_report.cold.12+0xf2/0x684\niwlwifi 0000:06:00.0: 0x1D0915A8 | time gp2\n ? __list_del_entry_valid+0x12/0x90\n kasan_report+0x8b/0x180\niwlwifi 0000:06:00.0: 0x00000001 | uCode revision type\n ? __list_del_entry_valid+0x12/0x90\n __list_del_entry_valid+0x12/0x90\niwlwifi 0000:06:00.0: 0x00000048 | uCode version major\n tcp_update_skb_after_send+0x5d/0x170\n __tcp_transmit_skb+0xb61/0x15c0\niwlwifi 0000:06:00.0: 0xDAA05125 | uCode version minor\n ? __tcp_select_window+0x490/0x490\niwlwifi 0000:06:00.0: 0x00000420 | hw version\n ? trace_kmalloc_node+0x29/0xd0\n ? __kmalloc_node_track_caller+0x12a/0x260\n ? memset+0x1f/0x40\n ? __build_skb_around+0x125/0x150\n ? __alloc_skb+0x1d4/0x220\n ? skb_zerocopy_clone+0x55/0x230\niwlwifi 0000:06:00.0: 0x00489002 | board version\n ? kmalloc_reserve+0x80/0x80\n ? rcu_read_lock_bh_held+0x60/0xb0\n tcp_write_xmit+0x3f1/0x24d0\niwlwifi 0000:06:00.0: 0x034E001C | hcmd\n ? __check_object_size+0x180/0x350\niwlwifi 0000:06:00.0: 0x24020000 | isr0\n tcp_sendmsg_locked+0x8a9/0x1520\niwlwifi 0000:06:00.0: 0x01400000 | isr1\n ? tcp_sendpage+0x50/0x50\niwlwifi 0000:06:00.0: 0x48F0000A | isr2\n ? lock_release+0xb9/0x400\n ? tcp_sendmsg+0x14/0x40\niwlwifi 0000:06:00.0: 0x00C3080C | isr3\n ? lock_downgrade+0x390/0x390\n ? do_raw_spin_lock+0x114/0x1d0\niwlwifi 0000:06:00.0: 0x00200000 | isr4\n ? rwlock_bug.part.2+0x50/0x50\niwlwifi 0000:06:00.0: 0x034A001C | last cmd Id\n ? rwlock_bug.part.2+0x50/0x50\n ? lockdep_hardirqs_on_prepare+0xe/0x200\niwlwifi 0000:06:00.0: 0x0000C2F0 | wait_event\n ? __local_bh_enable_ip+0x87/0xe0\n ? inet_send_prepare+0x220/0x220\niwlwifi 0000:06:00.0: 0x000000C4 | l2p_control\n tcp_sendmsg+0x22/0x40\n sock_sendmsg+0x5f/0x70\niwlwifi 0000:06:00.0: 0x00010034 | l2p_duration\n __sys_sendto+0x19d/0x250\niwlwifi 0000:06:00.0: 0x00000007 | l2p_mhvalid\n ? __ia32_sys_getpeername+0x40/0x40\niwlwifi 0000:06:00.0: 0x00000000 | l2p_addr_match\n ? rcu_read_lock_held_common+0x12/0x50\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? lock_release+0xb9/0x400\n ? lock_downgrade+0x390/0x390\n ? ktime_get+0x64/0x130\n ? ktime_get+0x8d/0x130\n ? rcu_read_lock_held_common+0x12/0x50\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_held_common+0x12/0x50\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n __x64_sys_sendto+0x6f/0x80\n do_syscall_64+0x34/0xb0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f1d126e4531\nCode: 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 35 80 0c 00 41 89 ca 8b 00 85 c0 75 1c 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89\nRSP: 002b:00007ffe21a679d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 000000000000ffdc RCX: 00007f1d126e4531\nRDX: 0000000000010000 RSI: 000000000374acf0 RDI: 0000000000000014\nRBP: 00007ffe21a67ac0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R\n---truncated---",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-50248",
          "url": "https://www.suse.com/security/cve/CVE-2022-50248"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249840 for CVE-2022-50248",
          "url": "https://bugzilla.suse.com/1249840"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-09T07:03:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-50248"
    },
    {
      "cve": "CVE-2022-50252",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-50252"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not free q_vector unless new one was allocated\n\nAvoid potential use-after-free condition under memory pressure. If the\nkzalloc() fails, q_vector will be freed but left in the original\nadapter-\u003eq_vector[v_idx] array position.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-50252",
          "url": "https://www.suse.com/security/cve/CVE-2022-50252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249846 for CVE-2022-50252",
          "url": "https://bugzilla.suse.com/1249846"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-09T07:03:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-50252"
    },
    {
      "cve": "CVE-2025-38664",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38664"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38664",
          "url": "https://www.suse.com/security/cve/CVE-2025-38664"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248628 for CVE-2025-38664",
          "url": "https://bugzilla.suse.com/1248628"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248631 for CVE-2025-38664",
          "url": "https://bugzilla.suse.com/1248631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_218-default-2-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-09T07:03:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38664"
    }
  ]
}

CVE-2022-50252 (GCVE-0-2022-50252)

Vulnerability from cvelistv5

Published

2025-09-15 14:02

Modified

2025-09-15 14:02

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the original adapter->q_vector[v_idx] array position.

References

URL

Tags

	https://git.kernel.org/stable/c/64ca1969599857143e91aeec4440640656100803
	https://git.kernel.org/stable/c/0200f0fbb11e359cc35af72ab10b2ec224e6f633
	https://git.kernel.org/stable/c/68e8adbcaf7a8743e473343b38b9dad66e2ac6f3
	https://git.kernel.org/stable/c/f96bd8adc8adde25390965a8c1ee81b73cb62075
	https://git.kernel.org/stable/c/3cb18dea11196fb4a06f78294cec5e61985e1aff
	https://git.kernel.org/stable/c/314f7092b27749bdde44c14095b5533afa2a3bc8
	https://git.kernel.org/stable/c/6e399577bd397a517df4b938601108c63769ce0a
	https://git.kernel.org/stable/c/56483aecf6b22eb7dff6315b3a174688c6ad494c
	https://git.kernel.org/stable/c/0668716506ca66f90d395f36ccdaebc3e0e84801

Impacted products

Vendor

Product

Version

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "64ca1969599857143e91aeec4440640656100803",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0200f0fbb11e359cc35af72ab10b2ec224e6f633",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "68e8adbcaf7a8743e473343b38b9dad66e2ac6f3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f96bd8adc8adde25390965a8c1ee81b73cb62075",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3cb18dea11196fb4a06f78294cec5e61985e1aff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "314f7092b27749bdde44c14095b5533afa2a3bc8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6e399577bd397a517df4b938601108c63769ce0a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "56483aecf6b22eb7dff6315b3a174688c6ad494c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0668716506ca66f90d395f36ccdaebc3e0e84801",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igb/igb_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.337",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.337",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.303",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.270",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not free q_vector unless new one was allocated\n\nAvoid potential use-after-free condition under memory pressure. If the\nkzalloc() fails, q_vector will be freed but left in the original\nadapter-\u003eq_vector[v_idx] array position."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:02:30.980Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/64ca1969599857143e91aeec4440640656100803"
        },
        {
          "url": "https://git.kernel.org/stable/c/0200f0fbb11e359cc35af72ab10b2ec224e6f633"
        },
        {
          "url": "https://git.kernel.org/stable/c/68e8adbcaf7a8743e473343b38b9dad66e2ac6f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f96bd8adc8adde25390965a8c1ee81b73cb62075"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cb18dea11196fb4a06f78294cec5e61985e1aff"
        },
        {
          "url": "https://git.kernel.org/stable/c/314f7092b27749bdde44c14095b5533afa2a3bc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e399577bd397a517df4b938601108c63769ce0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/56483aecf6b22eb7dff6315b3a174688c6ad494c"
        },
        {
          "url": "https://git.kernel.org/stable/c/0668716506ca66f90d395f36ccdaebc3e0e84801"
        }
      ],
      "title": "igb: Do not free q_vector unless new one was allocated",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50252",
    "datePublished": "2025-09-15T14:02:30.980Z",
    "dateReserved": "2025-09-15T13:58:00.973Z",
    "dateUpdated": "2025-09-15T14:02:30.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-38664 (GCVE-0-2025-38664)

Vulnerability from cvelistv5

Published

2025-08-22 16:02

Modified

2025-11-03 17:40

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

References

URL

Tags

	https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782
	https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede
	https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15
	https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b
	https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535
	https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7
	https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca
	https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36

Impacted products

Vendor

Product

Version

Linux

Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445
Version: c7648810961682b9388be2dd041df06915647445

Linux

Version: 5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:50.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_ddp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35370d3b44efe194fd5ad55bac987e629597d782",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "435462f8ab2b9c5340a5414ce02f70117d0cfede",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "7c5a13c76dd37e9e4f8d48b87376a54f4399ce15",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "3028f2a4e746b499043bbb8ab816f975473a0535",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "6d640a8ea62435a7f6f89869bee4fa99423d07ca",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            },
            {
              "lessThan": "4ff12d82dac119b4b99b5a78b5af3bf2474c0a36",
              "status": "affected",
              "version": "c7648810961682b9388be2dd041df06915647445",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_ddp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.101",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.41",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.9",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:44:32.084Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782"
        },
        {
          "url": "https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36"
        }
      ],
      "title": "ice: Fix a null pointer dereference in ice_copy_and_init_pkg()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38664",
    "datePublished": "2025-08-22T16:02:56.707Z",
    "dateReserved": "2025-04-16T04:51:24.031Z",
    "dateUpdated": "2025-11-03T17:40:50.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-50248 (GCVE-0-2022-50248)

Vulnerability from cvelistv5

Published

2025-09-15 14:02

Modified

2025-09-15 14:02

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and it appears there is indeed a way to double-free an skb. If iwl_mvm_tx_skb_sta returns non-zero, then the 'skb' sent into the method will be freed. But, in case where we build TSO skb buffer, the skb may also be freed in error case. So, return 0 in that particular error case and do cleanup manually. BUG: KASAN: use-after-free in __list_del_entry_valid+0x12/0x90 iwlwifi 0000:06:00.0: 0x00000000 | tsf hi Read of size 8 at addr ffff88813cfa4ba0 by task btserver/9650 CPU: 4 PID: 9650 Comm: btserver Tainted: G W 5.19.8+ #5 iwlwifi 0000:06:00.0: 0x00000000 | time gp1 Hardware name: Default string Default string/SKYBAY, BIOS 5.12 02/19/2019 Call Trace: <TASK> dump_stack_lvl+0x55/0x6d print_report.cold.12+0xf2/0x684 iwlwifi 0000:06:00.0: 0x1D0915A8 | time gp2 ? __list_del_entry_valid+0x12/0x90 kasan_report+0x8b/0x180 iwlwifi 0000:06:00.0: 0x00000001 | uCode revision type ? __list_del_entry_valid+0x12/0x90 __list_del_entry_valid+0x12/0x90 iwlwifi 0000:06:00.0: 0x00000048 | uCode version major tcp_update_skb_after_send+0x5d/0x170 __tcp_transmit_skb+0xb61/0x15c0 iwlwifi 0000:06:00.0: 0xDAA05125 | uCode version minor ? __tcp_select_window+0x490/0x490 iwlwifi 0000:06:00.0: 0x00000420 | hw version ? trace_kmalloc_node+0x29/0xd0 ? __kmalloc_node_track_caller+0x12a/0x260 ? memset+0x1f/0x40 ? __build_skb_around+0x125/0x150 ? __alloc_skb+0x1d4/0x220 ? skb_zerocopy_clone+0x55/0x230 iwlwifi 0000:06:00.0: 0x00489002 | board version ? kmalloc_reserve+0x80/0x80 ? rcu_read_lock_bh_held+0x60/0xb0 tcp_write_xmit+0x3f1/0x24d0 iwlwifi 0000:06:00.0: 0x034E001C | hcmd ? __check_object_size+0x180/0x350 iwlwifi 0000:06:00.0: 0x24020000 | isr0 tcp_sendmsg_locked+0x8a9/0x1520 iwlwifi 0000:06:00.0: 0x01400000 | isr1 ? tcp_sendpage+0x50/0x50 iwlwifi 0000:06:00.0: 0x48F0000A | isr2 ? lock_release+0xb9/0x400 ? tcp_sendmsg+0x14/0x40 iwlwifi 0000:06:00.0: 0x00C3080C | isr3 ? lock_downgrade+0x390/0x390 ? do_raw_spin_lock+0x114/0x1d0 iwlwifi 0000:06:00.0: 0x00200000 | isr4 ? rwlock_bug.part.2+0x50/0x50 iwlwifi 0000:06:00.0: 0x034A001C | last cmd Id ? rwlock_bug.part.2+0x50/0x50 ? lockdep_hardirqs_on_prepare+0xe/0x200 iwlwifi 0000:06:00.0: 0x0000C2F0 | wait_event ? __local_bh_enable_ip+0x87/0xe0 ? inet_send_prepare+0x220/0x220 iwlwifi 0000:06:00.0: 0x000000C4 | l2p_control tcp_sendmsg+0x22/0x40 sock_sendmsg+0x5f/0x70 iwlwifi 0000:06:00.0: 0x00010034 | l2p_duration __sys_sendto+0x19d/0x250 iwlwifi 0000:06:00.0: 0x00000007 | l2p_mhvalid ? __ia32_sys_getpeername+0x40/0x40 iwlwifi 0000:06:00.0: 0x00000000 | l2p_addr_match ? rcu_read_lock_held_common+0x12/0x50 ? rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_bh_held+0xb0/0xb0 ? rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_sched_held+0x5a/0xd0 ? lock_release+0xb9/0x400 ? lock_downgrade+0x390/0x390 ? ktime_get+0x64/0x130 ? ktime_get+0x8d/0x130 ? rcu_read_lock_held_common+0x12/0x50 ? rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_held_common+0x12/0x50 ? rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_bh_held+0xb0/0xb0 ? rcu_read_lock_bh_held+0xb0/0xb0 __x64_sys_sendto+0x6f/0x80 do_syscall_64+0x34/0xb0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f1d126e4531 Code: 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 35 80 0c 00 41 89 ca 8b 00 85 c0 75 1c 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89 RSP: 002b:00007ffe21a679d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000000000000ffdc RCX: 00007f1d126e4531 RDX: 0000000000010000 RSI: 000000000374acf0 RDI: 0000000000000014 RBP: 00007ffe21a67ac0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R ---truncated---

References

URL

Tags

	https://git.kernel.org/stable/c/0e1e311fd929c6a8dcfddcb4748c47b07e39821f
	https://git.kernel.org/stable/c/ae966649f665bc3868b935157dd4a3c31810dcc0
	https://git.kernel.org/stable/c/d8e32f1bf1a9183a6aad560c6688500222d24299
	https://git.kernel.org/stable/c/8fabe41fba907e4fd826acbbdb42e09c681c515e
	https://git.kernel.org/stable/c/3a2ecd1ec14075117ccb3e85f0fed224578ec228
	https://git.kernel.org/stable/c/0473cbae2137b963bd0eaa74336131cb1d3bc6c3

Impacted products

Vendor

Product

Version

Linux

Version: 08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250
Version: 08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250
Version: 08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250
Version: 08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250
Version: 08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250
Version: 08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250

Linux

Version: 5.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/mvm/tx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0e1e311fd929c6a8dcfddcb4748c47b07e39821f",
              "status": "affected",
              "version": "08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250",
              "versionType": "git"
            },
            {
              "lessThan": "ae966649f665bc3868b935157dd4a3c31810dcc0",
              "status": "affected",
              "version": "08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250",
              "versionType": "git"
            },
            {
              "lessThan": "d8e32f1bf1a9183a6aad560c6688500222d24299",
              "status": "affected",
              "version": "08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250",
              "versionType": "git"
            },
            {
              "lessThan": "8fabe41fba907e4fd826acbbdb42e09c681c515e",
              "status": "affected",
              "version": "08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250",
              "versionType": "git"
            },
            {
              "lessThan": "3a2ecd1ec14075117ccb3e85f0fed224578ec228",
              "status": "affected",
              "version": "08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250",
              "versionType": "git"
            },
            {
              "lessThan": "0473cbae2137b963bd0eaa74336131cb1d3bc6c3",
              "status": "affected",
              "version": "08f7d8b69aaf137db8ee0a2d7c9e6cd6383ae250",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/mvm/tx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.229",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.163",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.86",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix double free on tx path.\n\nWe see kernel crashes and lockups and KASAN errors related to ax210\nfirmware crashes.  One of the KASAN dumps pointed at the tx path,\nand it appears there is indeed a way to double-free an skb.\n\nIf iwl_mvm_tx_skb_sta returns non-zero, then the \u0027skb\u0027 sent into the\nmethod will be freed.  But, in case where we build TSO skb buffer,\nthe skb may also be freed in error case.  So, return 0 in that particular\nerror case and do cleanup manually.\n\nBUG: KASAN: use-after-free in __list_del_entry_valid+0x12/0x90\niwlwifi 0000:06:00.0: 0x00000000 | tsf hi\nRead of size 8 at addr ffff88813cfa4ba0 by task btserver/9650\n\nCPU: 4 PID: 9650 Comm: btserver Tainted: G        W         5.19.8+ #5\niwlwifi 0000:06:00.0: 0x00000000 | time gp1\nHardware name: Default string Default string/SKYBAY, BIOS 5.12 02/19/2019\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x6d\n print_report.cold.12+0xf2/0x684\niwlwifi 0000:06:00.0: 0x1D0915A8 | time gp2\n ? __list_del_entry_valid+0x12/0x90\n kasan_report+0x8b/0x180\niwlwifi 0000:06:00.0: 0x00000001 | uCode revision type\n ? __list_del_entry_valid+0x12/0x90\n __list_del_entry_valid+0x12/0x90\niwlwifi 0000:06:00.0: 0x00000048 | uCode version major\n tcp_update_skb_after_send+0x5d/0x170\n __tcp_transmit_skb+0xb61/0x15c0\niwlwifi 0000:06:00.0: 0xDAA05125 | uCode version minor\n ? __tcp_select_window+0x490/0x490\niwlwifi 0000:06:00.0: 0x00000420 | hw version\n ? trace_kmalloc_node+0x29/0xd0\n ? __kmalloc_node_track_caller+0x12a/0x260\n ? memset+0x1f/0x40\n ? __build_skb_around+0x125/0x150\n ? __alloc_skb+0x1d4/0x220\n ? skb_zerocopy_clone+0x55/0x230\niwlwifi 0000:06:00.0: 0x00489002 | board version\n ? kmalloc_reserve+0x80/0x80\n ? rcu_read_lock_bh_held+0x60/0xb0\n tcp_write_xmit+0x3f1/0x24d0\niwlwifi 0000:06:00.0: 0x034E001C | hcmd\n ? __check_object_size+0x180/0x350\niwlwifi 0000:06:00.0: 0x24020000 | isr0\n tcp_sendmsg_locked+0x8a9/0x1520\niwlwifi 0000:06:00.0: 0x01400000 | isr1\n ? tcp_sendpage+0x50/0x50\niwlwifi 0000:06:00.0: 0x48F0000A | isr2\n ? lock_release+0xb9/0x400\n ? tcp_sendmsg+0x14/0x40\niwlwifi 0000:06:00.0: 0x00C3080C | isr3\n ? lock_downgrade+0x390/0x390\n ? do_raw_spin_lock+0x114/0x1d0\niwlwifi 0000:06:00.0: 0x00200000 | isr4\n ? rwlock_bug.part.2+0x50/0x50\niwlwifi 0000:06:00.0: 0x034A001C | last cmd Id\n ? rwlock_bug.part.2+0x50/0x50\n ? lockdep_hardirqs_on_prepare+0xe/0x200\niwlwifi 0000:06:00.0: 0x0000C2F0 | wait_event\n ? __local_bh_enable_ip+0x87/0xe0\n ? inet_send_prepare+0x220/0x220\niwlwifi 0000:06:00.0: 0x000000C4 | l2p_control\n tcp_sendmsg+0x22/0x40\n sock_sendmsg+0x5f/0x70\niwlwifi 0000:06:00.0: 0x00010034 | l2p_duration\n __sys_sendto+0x19d/0x250\niwlwifi 0000:06:00.0: 0x00000007 | l2p_mhvalid\n ? __ia32_sys_getpeername+0x40/0x40\niwlwifi 0000:06:00.0: 0x00000000 | l2p_addr_match\n ? rcu_read_lock_held_common+0x12/0x50\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? lock_release+0xb9/0x400\n ? lock_downgrade+0x390/0x390\n ? ktime_get+0x64/0x130\n ? ktime_get+0x8d/0x130\n ? rcu_read_lock_held_common+0x12/0x50\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_held_common+0x12/0x50\n ? rcu_read_lock_sched_held+0x5a/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n __x64_sys_sendto+0x6f/0x80\n do_syscall_64+0x34/0xb0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f1d126e4531\nCode: 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 35 80 0c 00 41 89 ca 8b 00 85 c0 75 1c 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89\nRSP: 002b:00007ffe21a679d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 000000000000ffdc RCX: 00007f1d126e4531\nRDX: 0000000000010000 RSI: 000000000374acf0 RDI: 0000000000000014\nRBP: 00007ffe21a67ac0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T14:02:07.723Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0e1e311fd929c6a8dcfddcb4748c47b07e39821f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae966649f665bc3868b935157dd4a3c31810dcc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8e32f1bf1a9183a6aad560c6688500222d24299"
        },
        {
          "url": "https://git.kernel.org/stable/c/8fabe41fba907e4fd826acbbdb42e09c681c515e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a2ecd1ec14075117ccb3e85f0fed224578ec228"
        },
        {
          "url": "https://git.kernel.org/stable/c/0473cbae2137b963bd0eaa74336131cb1d3bc6c3"
        }
      ],
      "title": "wifi: iwlwifi: mvm: fix double free on tx path.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50248",
    "datePublished": "2025-09-15T14:02:07.723Z",
    "dateReserved": "2025-09-15T13:58:00.972Z",
    "dateUpdated": "2025-09-15T14:02:07.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:4004-1

Vulnerability from csaf_suse

CVE-2022-50252 (GCVE-0-2022-50252)

Vulnerability from cvelistv5

CVE-2025-38664 (GCVE-0-2025-38664)

Vulnerability from cvelistv5

CVE-2022-50248 (GCVE-0-2022-50248)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature