CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called. In case of extended packet number (epn) is enabled the salt and ssci attributes are retrieved using the MACsec driver rx_sa context which is unavailable when updating a SecY property such as encoding-sa hence the null dereference. Fix by using the provided SA to set those attributes.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597	Patch
https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

29 Aug 2024, 02:36

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597 -~~	() https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597 - Patch
References	~~() https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348 -~~	() https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348 - Patch
CWE		CWE-476

21 Aug 2024, 12:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-21 07:15

Updated : 2024-08-29 02:36

NVD link : CVE-2022-48882

Mitre link : CVE-2022-48882

CVE.ORG link : CVE-2022-48882

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2022-48882", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-21T07:15:04.863", "references": [{"url": "https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)\n\nUpon updating MAC security entity (SecY) in hw offload path, the macsec\nsecurity association (SA) initialization routine is called. In case of\nextended packet number (epn) is enabled the salt and ssci attributes are\nretrieved using the MACsec driver rx_sa context which is unavailable when\nupdating a SecY property such as encoding-sa hence the null dereference.\nFix by using the provided SA to set those attributes."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: corrige la posible desreferencia nula de macsec al actualizar la entidad de seguridad MAC (SecY) Al actualizar la entidad de seguridad MAC (SecY) en la ruta de descarga de hw, se inicializa la asociaci\u00f3n de seguridad (SA) de macsec se llama rutina. En caso de que el n\u00famero de paquete extendido (epn) est\u00e9 habilitado, los atributos salt y ssci se recuperan utilizando el contexto rx_sa del controlador MACsec que no est\u00e1 disponible al actualizar una propiedad SecY como encoding-sa, de ah\u00ed la desreferencia nula. Solucione utilizando el SA proporcionado para establecer esos atributos."}], "lastModified": "2024-08-29T02:36:29.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "043B7290-EDB8-4ACE-A87A-8FA7D130B565", "versionEndExcluding": "6.1.7", "versionStartIncluding": "6.1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}