5.5

CVE-2022-48841

EPSS 0.01%
Published 16.07.2024 13:15:11
Last modified 21.11.2024 07:34:11
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()

It is possible to do NULL pointer dereference in routine that updates
Tx ring stats. Currently only stats and bytes are updated when ring
pointer is valid, but later on ring is accessed to propagate gathered Tx
stats onto VSI stats.

Change the existing logic to move to next ring when ring is NULL.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.16.17

Linux ≫ Linux Kernel Version5.17 Updaterc1

Linux ≫ Linux Kernel Version5.17 Updaterc2

Linux ≫ Linux Kernel Version5.17 Updaterc3

Linux ≫ Linux Kernel Version5.17 Updaterc4

Linux ≫ Linux Kernel Version5.17 Updaterc5

Linux ≫ Linux Kernel Version5.17 Updaterc6

Linux ≫ Linux Kernel Version5.17 Updaterc7

Linux ≫ Linux Kernel Version5.17 Updaterc8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff

Patch

Mailing List

https://git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333

Patch

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-48841

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48841

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48841

EUVD