5.5

CVE-2022-49084

qede: confirm skb is allocated before using

In the Linux kernel, the following vulnerability has been resolved:

qede: confirm skb is allocated before using

qede_build_skb() assumes build_skb() always works and goes straight
to skb_reserve(). However, build_skb() can fail under memory pressure.
This results in a kernel panic because the skb to reserve is NULL.

Add a check in case build_skb() failed to allocate and return NULL.

The NULL return is handled correctly in callers to qede_build_skb().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.18 < 4.19.238
LinuxLinux Kernel Version >= 4.20 < 5.4.189
LinuxLinux Kernel Version >= 5.5 < 5.10.111
LinuxLinux Kernel Version >= 5.11 < 5.15.34
LinuxLinux Kernel Version >= 5.16 < 5.16.20
LinuxLinux Kernel Version >= 5.17 < 5.17.3
LinuxLinux Kernel Version5.18 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.148
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/034a92c6a81048128fc7b18d278d52438a13902a
Patch
https://git.kernel.org/stable/c/4e910dbe36508654a896d5735b318c0b88172570
Patch
https://git.kernel.org/stable/c/8928239e5e2e460d95b8a0b89f61671625e7ece0
Patch
https://git.kernel.org/stable/c/9648adb1b3ece55c657d3a4f52bfee663b710dfe
Patch
https://git.kernel.org/stable/c/b2d6b3db9d1cf80908964036dbe1c52a86b1afb1
Patch
https://git.kernel.org/stable/c/c9bdce2359b5f4986eb38d1e81865b3586cc20d2
Patch
https://git.kernel.org/stable/c/e1fd0c42acfa22bb34d2ab6a111484f466ab8093
Patch