5.5

CVE-2022-49199

RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()

In the Linux kernel, the following vulnerability has been resolved:

RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()

This code checks "index" for an upper bound but it does not check for
negatives.  Change the type to unsigned to prevent underflows.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.16 < 5.16.19
LinuxLinux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.161
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://git.kernel.org/stable/c/2a495ef04d5f42e6f00eb2bec1ee9075e3d5a771
Patch
https://git.kernel.org/stable/c/87e0eacb176f9500c2063d140c0a1d7fa51ab8a5
Patch
https://git.kernel.org/stable/c/f6dd8669b8299a3a536cd92a7069152a7704da1d
Patch