CVE-2022-48841
MEDIUMLinux Kernel < 5.16.17 - NULL Pointer Dereference in ice_update_vsi_tx_ring_stats
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that updates Tx ring stats. Currently only stats and bytes are updated when ring pointer is valid, but later on ring is accessed to propagate gathered Tx stats onto VSI stats. Change the existing logic to move to next ring when ring is NULL.
References (2)
Core 2
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff
Mailing List, Patch
https://git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333
Scores
CVSS v3
5.5
EPSS
0.0021
EPSS Percentile
10.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (9)
linux/Kernel
5.16.0 - 5.16.17linux
Linux/Linux
< 5.16
Linux/Linux
5.16
Linux/Linux
5.16.17 - 5.16.*
Linux/Linux
5.17
Linux/Linux
e72bba21355dbb67512a0d666fec9f4b56dbfc2f - 2397270ec97c5e3009a58ac110a25e1869e9d6ff
Linux/Linux
e72bba21355dbb67512a0d666fec9f4b56dbfc2f - f153546913bada41a811722f2c6d17c3243a0333
linux/linux_kernel
5.17 rc1 (8 CPE variants)
linux/linux_kernel
< 5.16.17
Published
Jul 16, 2024
Tracked Since
Feb 18, 2026