7.8

CVE-2022-48962

net: hisilicon: Fix potential use-after-free in hisi_femac_rx()

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hisi_femac_rx()

The skb is delivered to napi_gro_receive() which may free it, after
calling this, dereferencing skb may trigger use-after-free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.8 < 4.9.336
LinuxLinux Kernel Version >= 4.10 < 4.14.302
LinuxLinux Kernel Version >= 4.15 < 4.19.269
LinuxLinux Kernel Version >= 4.20 < 5.4.227
LinuxLinux Kernel Version >= 5.5 < 5.10.159
LinuxLinux Kernel Version >= 5.11 < 5.15.83
LinuxLinux Kernel Version >= 5.16 < 6.0.13
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
LinuxLinux Kernel Version6.1 Updaterc6
LinuxLinux Kernel Version6.1 Updaterc7
LinuxLinux Kernel Version6.1 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.145
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a
Patch
https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506
Patch
https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885
Patch
https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd
Patch
https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942
Patch
https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9
Patch
https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e
Patch
https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca
Patch