CVE-2022-49025
net/mlx5e: Fix use-after-free when reverting termination table
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
When having multiple dests with termination tables and second one
or afterwards fails the driver reverts usage of term tables but
doesn't reset the assignment in attr->dests[num_vport_dests].termtbl
which case a use-after-free when releasing the rule.
Fix by resetting the assignment of termtbl to null.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404bhttps://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325affhttps://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0bhttps://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2aehttps://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904