7.8

CVE-2022-49182

net: hns3: add vlan list lock to protect vlan list

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: add vlan list lock to protect vlan list

When adding port base VLAN, vf VLAN need to remove from HW and modify
the vlan state in vf VLAN list as false. If the periodicity task is
freeing the same node, it may cause "use after free" error.
This patch adds a vlan list lock to protect the vlan list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 5.15.33
LinuxLinux Kernel Version >= 5.16 < 5.16.19
LinuxLinux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.172
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97
Patch
https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725
Patch
https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758
Patch
https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd
Patch