2320672 – (CVE-2022-49025) CVE-2022-49025 kernel: net/mlx5e: Fix use-after-free when reverting termination table

Bug 2320672 (CVE-2022-49025) - CVE-2022-49025 kernel: net/mlx5e: Fix use-after-free when reverting termination table

Summary: CVE-2022-49025 kernel: net/mlx5e: Fix use-after-free when reverting terminati...

Keywords:
Status:	NEW
Alias:	CVE-2022-49025
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-21 21:01 UTC by OSIDB Bzimport
Modified:	2024-11-18 13:15 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-21 21:01:52 UTC

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix use-after-free when reverting termination table

When having multiple dests with termination tables and second one
or afterwards fails the driver reverts usage of term tables but
doesn't reset the assignment in attr->dests[num_vport_dests].termtbl
which case a use-after-free when releasing the rule.
Fix by resetting the assignment of termtbl to null.

Comment 1 Avinash Hanwate 2024-10-22 08:43:25 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102155-CVE-2022-49025-4bcc@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.