2298143 – (CVE-2022-48807) CVE-2022-48807 kernel: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler

Bug 2298143 (CVE-2022-48807) - CVE-2022-48807 kernel: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler

Summary: CVE-2022-48807 kernel: ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler

Keywords:
Status:	NEW
Alias:	CVE-2022-48807
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-16 12:29 UTC by OSIDB Bzimport
Modified:	2024-07-30 17:43 UTC (History)
CC List:	4 users (show)
Fixed In Version:	kernel 5.15.24, kernel 5.16.10, kernel 5.17
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-16 12:29:45 UTC

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler

Currently, the same handler is called for both a NETDEV_BONDING_INFO
LAG unlink notification as for a NETDEV_UNREGISTER call.  This is
causing a problem though, since the netdev_notifier_info passed has
a different structure depending on which event is passed.  The problem
manifests as a call trace from a BUG: KASAN stack-out-of-bounds error.

Fix this by creating a handler specific to NETDEV_UNREGISTER that only
is passed valid elements in the netdev_notifier_info struct for the
NETDEV_UNREGISTER event.

Also included is the removal of an unbalanced dev_put on the peer_netdev
and related braces.

Note You need to log in before you can comment on or make changes to this bug.