[Suggested description] An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. ------------------------------------------ [VulnerabilityType Other] NULL Pointer Dereference ------------------------------------------ [Vendor of Product] the development group ------------------------------------------ [Affected Product Code Base] Linux kernel - 5.16-rc6 ------------------------------------------ [Reference] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=886e44c9298a6b428ae046e2fa092ca52e822e6a ------------------------------------------ [Discoverer] Jiasheng Jiang
Upstream commit: https://github.com/torvalds/linux/commit/886e44c9298a6b428ae046e2fa092ca52e822e6a
This issue was fixed upstream in version 5.17. The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata: kernel in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7683 kernel-rt in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7444 kernel in Red Hat Enterprise Linux 9 https://access.redhat.com/errata/RHSA-2022:8267 kernel-rt in Red Hat Enterprise Linux 9 https://access.redhat.com/errata/RHSA-2022:7933