CVE-2022-48864 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command When control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command request from the driver, presently there is no validation against the number of queue pairs to configure, or even if multiqueue had been negotiated or not is unverified. This may lead to kernel panic due to uninitialized resource for the queues were there any bogus request sent down by untrusted driver. Tie up the loose ends there.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230
https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e
https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb
https://lore.kernel.org/linux-cve-announce/2024071629-CVE-2022-48864-2b26@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48864
https://www.cve.org/CVERecord?id=CVE-2022-48864

History

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-455

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-16T12:25:27.144Z

Updated: 2024-12-19T08:09:26.343Z

Reserved: 2024-07-16T11:38:08.920Z

Link: CVE-2022-48864

Vulnrichment

Updated: 2024-08-03T15:25:01.614Z

NVD

Status : Modified

Published: 2024-07-16T13:15:13.233

Modified: 2024-11-21T07:34:14.380

Link: CVE-2022-48864

Redhat

Severity : Moderate

Publid Date: 2024-07-16T00:00:00Z

Links: CVE-2022-48864 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48864", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.920Z", "datePublished": "2024-07-16T12:25:27.144Z", "dateUpdated": "2024-12-19T08:09:26.343Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:09:26.343Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\n\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "versions": [{"version": "52893733f2c5886fc74be6c386d12b59a3f581df", "lessThan": "e7e118416465f2ba8b55007e5b789823e101421e", "status": "affected", "versionType": "git"}, {"version": "52893733f2c5886fc74be6c386d12b59a3f581df", "lessThan": "9f6effca75626c7a7c7620dabcb1a254ca530230", "status": "affected", "versionType": "git"}, {"version": "52893733f2c5886fc74be6c386d12b59a3f581df", "lessThan": "ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.29", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.15", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}], "title": "vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:22.300777Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:07.092Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:22.300777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.756Z"}}], "cna": {"title": "vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "52893733f2c5", "lessThan": "e7e118416465", "versionType": "git"}, {"status": "affected", "version": "52893733f2c5", "lessThan": "9f6effca7562", "versionType": "git"}, {"status": "affected", "version": "52893733f2c5", "lessThan": "ed0f849fc3a6", "versionType": "git"}], "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.29", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.15", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\n\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T12:25:27.144Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48864", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:07.092Z", "dateReserved": "2024-07-16T11:38:08.920Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T12:25:27.144Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "16671FB9-DA97-4162-A46E-218CDB4770CD", "versionEndExcluding": "5.15.29", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335", "versionEndExcluding": "5.16.15", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\n\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa/mlx5: agregar validaci\u00f3n para el comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET Cuando control vq recibe una solicitud de comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET del controlador, actualmente no hay validaci\u00f3n contra el n\u00famero de pares de colas para configurar, o incluso si La multicola se hab\u00eda negociado o no no est\u00e1 verificada. Esto puede provocar p\u00e1nico en el kernel debido a recursos no inicializados para las colas si hubo alguna solicitud falsa enviada por un controlador que no es de confianza. Ata los cabos sueltos all\u00ed."}], "id": "CVE-2022-48864", "lastModified": "2024-11-21T07:34:14.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T13:15:13.233", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command", "id": "2298208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298208"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-455", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48864", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48864\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48864\nhttps://lore.kernel.org/linux-cve-announce/2024071629-CVE-2022-48864-2b26@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.29, kernel 5.16.15, kernel 5.17"}