CVE-2022-48882

EPSS 0.01%
Published 21.08.2024 07:15:04
Last modified 29.08.2024 02:36:29
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)

Upon updating MAC security entity (SecY) in hw offload path, the macsec
security association (SA) initialization routine is called. In case of
extended packet number (epn) is enabled the salt and ssci attributes are
retrieved using the MACsec driver rx_sa context which is unavailable when
updating a SecY property such as encoding-sa hence the null dereference.
Fix by using the provided SA to set those attributes.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.019

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597

Patch

https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48882

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48882

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48882

EUVD