CVE-2022-48807

MEDIUM

Linux Kernel 5.14.16-5.15 - Use-After-Free in LAG NETDEV_UNREGISTER Handler

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler Currently, the same handler is called for both a NETDEV_BONDING_INFO LAG unlink notification as for a NETDEV_UNREGISTER call. This is causing a problem though, since the netdev_notifier_info passed has a different structure depending on which event is passed. The problem manifests as a call trace from a BUG: KASAN stack-out-of-bounds error. Fix this by creating a handler specific to NETDEV_UNREGISTER that only is passed valid elements in the netdev_notifier_info struct for the NETDEV_UNREGISTER event. Also included is the removal of an unbalanced dev_put on the peer_netdev and related braces.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469

Patch

https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46

Patch

https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1

Scores

CVSS v3 5.5

EPSS 0.0029

EPSS Percentile 20.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (13)

Linux/Linux < 5.15

Linux/Linux 5.14.16 - 5.15

Linux/Linux 5.15

Linux/Linux 5.15.24 - 5.15.*

Linux/Linux 5.16.10 - 5.16.*

Linux/Linux 5.17

Linux/Linux 6a8b357278f5f8b9817147277ab8f12879dce8a8 - bea1898f65b9b7096cb4e73e97c83b94718f1fa1

Linux/Linux 6a8b357278f5f8b9817147277ab8f12879dce8a8 - f9daedc3ab8f673e3a9374b91a89fbf1174df469

Linux/Linux 6a8b357278f5f8b9817147277ab8f12879dce8a8 - faa9bcf700ca1a0d09f92502a6b65d3ce313fb46

Linux/Linux e83b3cce4722b880c277d44b13eebf2548cb2ebb

... and 3 more

Published Jul 16, 2024

Tracked Since Feb 18, 2026