CVE-2022-49084

MEDIUM

Linux Kernel 4.18-5.17.3 - Use-After-Free in qede_build_skb

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to reserve is NULL. Add a check in case build_skb() failed to allocate and return NULL. The NULL return is handled correctly in callers to qede_build_skb().

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/9648adb1b3ece55c657d3a4f52bfee663b710dfe

Patch

https://git.kernel.org/stable/c/034a92c6a81048128fc7b18d278d52438a13902a

Patch

https://git.kernel.org/stable/c/8928239e5e2e460d95b8a0b89f61671625e7ece0

Patch

https://git.kernel.org/stable/c/c9bdce2359b5f4986eb38d1e81865b3586cc20d2

Patch

https://git.kernel.org/stable/c/b2d6b3db9d1cf80908964036dbe1c52a86b1afb1

Patch

https://git.kernel.org/stable/c/e1fd0c42acfa22bb34d2ab6a111484f466ab8093

Patch

https://git.kernel.org/stable/c/4e910dbe36508654a896d5735b318c0b88172570

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 14.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (24)

linux/Kernel 4.18.0 - 4.19.238linux

linux/Kernel 4.20.0 - 5.4.189linux

linux/Kernel 5.11.0 - 5.15.34linux

linux/Kernel 5.16.0 - 5.16.20linux

linux/Kernel 5.17.0 - 5.17.3linux

linux/Kernel 5.5.0 - 5.10.111linux

Linux/Linux < 4.18

Linux/Linux 4.18

Linux/Linux 4.19.238 - 4.19.*

Linux/Linux 5.10.111 - 5.10.*

... and 14 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026