CVE-2022-48966

Updated: 2024-10-25

CWE: CWE-125

Description:

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap.

CVSS3: 7.1


Vendor State

OS Vendor version Errata
Ubuntu 18.04 4.15.0-206.217 USN-5920-1
Ubuntu 18.04 AWS 4.15.0-1151.164 USN-5920-1
Ubuntu 18.04 HWE Focal 5.4.0-144.161~18.04.1 USN-5917-1
Ubuntu 20.04 5.4.0-144.161 USN-5917-1
Ubuntu 18.04 AWS Focal 5.4.0-1097.105~18.04.1 USN-5917-1
Ubuntu 18.04 Azure Focal 5.4.0-1104.110~18.04.1 USN-5917-1
Ubuntu 20.04 AWS 5.4.0-1097.105 USN-5917-1
Ubuntu 16.04 HWE ESM 4.15.0-206.217~16.04.1 USN-5883-1
Ubuntu 16.04 GCP ESM 4.15.0-1146.162~16.04.1 USN-6007-1
Ubuntu 16.04 AWS HWE ESM 4.15.0-1151.164~16.04.1 USN-5919-1
Ubuntu 16.04 Azure ESM 4.15.0-1162.177~16.04.1 USN-5975-1
Debian 11 5.10.162-1 DSA-5324-1
Ubuntu 22.04 5.15.0-67.74 USN-5912-1
Ubuntu 22.04 AWS 5.15.0-1031.35 USN-5912-1
Ubuntu 22.04 Azure 5.15.0-1034.41 USN-5912-1

KernelCare State

OS Original kernel version State
Ubuntu 18.04
Planned
Ubuntu 18.04 AWS
Planned
Ubuntu 18.04 HWE Focal
Planned
Ubuntu 20.04
Planned
Ubuntu 18.04 AWS Focal
Planned
Ubuntu 18.04 Azure Focal
Planned
Ubuntu 20.04 AWS
Planned
Ubuntu 16.04 HWE ESM
Planned
Ubuntu 16.04 GCP ESM
Planned
Ubuntu 16.04 AWS HWE ESM
Planned
Ubuntu 16.04 Azure ESM
Planned
Debian 11
Planned
Ubuntu 22.04
Planned
Ubuntu 22.04 AWS
Planned
Ubuntu 22.04 Azure
Planned