vulnerability
Ubuntu: (CVE-2022-48807): linux-intel-iotg-5.15 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jul 16, 2024 | Nov 19, 2024 | Sep 29, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
Currently, the same handler is called for both a NETDEV_BONDING_INFO
LAG unlink notification as for a NETDEV_UNREGISTER call. This is
causing a problem though, since the netdev_notifier_info passed has
a different structure depending on which event is passed. The problem
manifests as a call trace from a BUG: KASAN stack-out-of-bounds error.
Fix this by creating a handler specific to NETDEV_UNREGISTER that only
is passed valid elements in the netdev_notifier_info struct for the
NETDEV_UNREGISTER event.
Also included is the removal of an unbalanced dev_put on the peer_netdev
and related braces.
Solution
References
- CVE-2022-48807
- https://attackerkb.com/topics/CVE-2022-48807
- CWE-908
- URL-https://git.kernel.org/linus/bea1898f65b9b7096cb4e73e97c83b94718f1fa1
- URL-https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1
- URL-https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469
- URL-https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46
- URL-https://www.cve.org/CVERecord?id=CVE-2022-48807
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.