7.8

CVE-2022-48960

net: hisilicon: Fix potential use-after-free in hix5hd2_rx()

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hix5hd2_rx()

The skb is delivered to napi_gro_receive() which may free it, after
calling this, dereferencing skb may trigger use-after-free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.16 < 4.9.336
LinuxLinux Kernel Version >= 4.10 < 4.14.302
LinuxLinux Kernel Version >= 4.15 < 4.19.269
LinuxLinux Kernel Version >= 4.20 < 5.4.227
LinuxLinux Kernel Version >= 5.5 < 5.10.159
LinuxLinux Kernel Version >= 5.11 < 5.15.83
LinuxLinux Kernel Version >= 5.16 < 6.0.13
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
LinuxLinux Kernel Version6.1 Updaterc6
LinuxLinux Kernel Version6.1 Updaterc7
LinuxLinux Kernel Version6.1 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.145
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4
Patch
https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c
Patch
https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a
Patch
https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab
Patch
https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f
Patch
https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc
Patch
https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262
Patch
https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387
Patch