PT-2022-7438 · Linux+3 · Linux Kernel+3

Lu Wei

·

Published

2022-09-09

·

Updated

2025-03-20

·

CVE-2022-48651

CVSS v3.1

7.7

High

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc4+
Description The vulnerability is related to out-of-bound bugs caused by an unset skb->mac header in the ipvlan component of the Linux kernel. This issue can be triggered when an AF PACKET socket is used to send packets through ipvlan and the default xmit function of the AF PACKET socket is changed from dev queue xmit() to packet direct xmit() via setsockopt() with the option name of PACKET QDISC BYPASS. The root cause of this issue is that packet snd() only resets skb->mac header when the socket type is SOCK RAW and the protocol is not specified, and packet direct xmit() does not reset skb->mac header as dev queue xmit() does. This can lead to out-of-bound access when ipvlan xmit mode l2() is called.
Recommendations To resolve this issue, update the Linux kernel to a version that includes the patch for this vulnerability. Specifically, the patch replaces eth hdr() with skb eth hdr() in ipvlan xmit mode l2() and resets the mac header in multicast to solve the out-of-bound bug. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2024-06336
CVE-2022-48651
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1642-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
OPENSUSE-SU-2024_3623-1
OPENSUSE-SU-2024_3631-1
OPENSUSE-SU-2024_3639-1
OPENSUSE-SU-2024_3651-1
OPENSUSE-SU-2024_3652-1
OPENSUSE-SU-2024_3679-1
OPENSUSE-SU-2024_3694-1
OPENSUSE-SU-2024_3695-1
OPENSUSE-SU-2024_3696-1
OPENSUSE-SU-2024_3697-1
OPENSUSE-SU-2024_3793-1
OPENSUSE-SU-2024_3798-1
OPENSUSE-SU-2024_3814-1
OPENSUSE-SU-2024_3815-1
OPENSUSE-SU-2024_3829-1
OPENSUSE-SU-2024_3830-1
OPENSUSE-SU-2024_3837-1
OPENSUSE-SU-2024_3842-1
OPENSUSE-SU-2024_3851-1
OPENSUSE-SU-2024_3852-1
OPENSUSE-SU-2024_3855-1
OPENSUSE-SU-2024_4122-1
OPENSUSE-SU-2024_4123-1
OPENSUSE-SU-2024_4124-1
OPENSUSE-SU-2024_4214-1
OPENSUSE-SU-2024_4216-1
OPENSUSE-SU-2024_4218-1
OPENSUSE-SU-2024_4234-1
OPENSUSE-SU-2024_4235-1
OPENSUSE-SU-2024_4256-1
OPENSUSE-SU-2024_4264-1
OPENSUSE-SU-2024_4266-1
OPENSUSE-SU-2025_0101-1
OPENSUSE-SU-2025_0106-1
OPENSUSE-SU-2025_0107-1
OPENSUSE-SU-2025_0109-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0150-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0240-1
OPENSUSE-SU-2025_0244-1
OPENSUSE-SU-2025_0248-1
OPENSUSE-SU-2025_0251-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0261-1
OPENSUSE-SU-2025_0266-1
SUSE-SU-2024:1641-1
SUSE-SU-2024:1642-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1645-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1650-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:1677-1
SUSE-SU-2024:1679-1
SUSE-SU-2024:1680-1
SUSE-SU-2024:1682-1
SUSE-SU-2024:1683-1
SUSE-SU-2024:1685-1
SUSE-SU-2024:1686-1
SUSE-SU-2024:1692-1
SUSE-SU-2024:1694-1
SUSE-SU-2024:1695-1
SUSE-SU-2024:1696-1
SUSE-SU-2024:1705-1
SUSE-SU-2024:1706-1
SUSE-SU-2024:1707-1
SUSE-SU-2024:1708-1
SUSE-SU-2024:1709-1
SUSE-SU-2024:1711-1
SUSE-SU-2024:1712-1
SUSE-SU-2024:1713-1
SUSE-SU-2024:1719-1
SUSE-SU-2024:1720-1
SUSE-SU-2024:1723-1
SUSE-SU-2024:1726-1
SUSE-SU-2024:1729-1
SUSE-SU-2024:1730-1
SUSE-SU-2024:1731-1
SUSE-SU-2024:1732-1
SUSE-SU-2024:1735-1
SUSE-SU-2024:1736-1
SUSE-SU-2024:1738-1
SUSE-SU-2024:1739-1
SUSE-SU-2024:1740-1
SUSE-SU-2024:1742-1
SUSE-SU-2024:1746-1
SUSE-SU-2024:1748-1
SUSE-SU-2024:1749-1
SUSE-SU-2024:1750-1
SUSE-SU-2024:1751-1
SUSE-SU-2024:1753-1
SUSE-SU-2024:1757-1
SUSE-SU-2024:1759-1
SUSE-SU-2024:1760-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:2092-1
SUSE-SU-2024:2100-1
SUSE-SU-2024:2101-1
SUSE-SU-2024:2120-1
SUSE-SU-2024:2121-1
SUSE-SU-2024:2130-1
SUSE-SU-2024:2139-1
SUSE-SU-2024:2148-1
SUSE-SU-2024:2162-1
SUSE-SU-2024:2163-1
SUSE-SU-2024:2191-1
SUSE-SU-2024:2207-1
SUSE-SU-2024:2208-1
SUSE-SU-2024:2209-1
SUSE-SU-2024:2335-1
SUSE-SU-2024:2337-1
SUSE-SU-2024:2343-1
SUSE-SU-2024:2344-1
SUSE-SU-2024:2357-1
SUSE-SU-2024:2373-1
SUSE-SU-2024:2382-1
SUSE-SU-2024:2446-1
SUSE-SU-2024:2447-1
SUSE-SU-2024:2448-1
SUSE-SU-2024:2472-1
SUSE-SU-2024:2473-1
SUSE-SU-2024:2558-1
SUSE-SU-2024:2722-1
SUSE-SU-2024:2725-1
SUSE-SU-2024:2740-1
SUSE-SU-2024:2751-1
SUSE-SU-2024:2755-1
SUSE-SU-2024:2758-1
SUSE-SU-2024:2773-1
SUSE-SU-2024:2821-1
SUSE-SU-2024:2824-1
SUSE-SU-2024:2825-1
SUSE-SU-2024:2840-1
SUSE-SU-2024:2843-1
SUSE-SU-2024:2850-1
SUSE-SU-2024:2851-1
SUSE-SU-2024:3034-1
SUSE-SU-2024:3037-1
SUSE-SU-2024:3043-1
SUSE-SU-2024:3044-1
SUSE-SU-2024:3048-1
SUSE-SU-2024:3318-1
SUSE-SU-2024:3336-1
SUSE-SU-2024:3347-1
SUSE-SU-2024:3348-1
SUSE-SU-2024:3368-1
SUSE-SU-2024:3375-1
SUSE-SU-2024:3379-1
SUSE-SU-2024:3399-1
SUSE-SU-2024:3623-1
SUSE-SU-2024:3631-1
SUSE-SU-2024:3639-1
SUSE-SU-2024:3642-1
SUSE-SU-2024:3649-1
SUSE-SU-2024:3651-1
SUSE-SU-2024:3652-1
SUSE-SU-2024:3662-1
SUSE-SU-2024:3679-1
SUSE-SU-2024:3694-1
SUSE-SU-2024:3695-1
SUSE-SU-2024:3696-1
SUSE-SU-2024:3697-1
SUSE-SU-2024:3793-1
SUSE-SU-2024:3796-1
SUSE-SU-2024:3798-1
SUSE-SU-2024:3803-1
SUSE-SU-2024:3814-1
SUSE-SU-2024:3815-1
SUSE-SU-2024:3820-1
SUSE-SU-2024:3829-1
SUSE-SU-2024:3830-1
SUSE-SU-2024:3837-1
SUSE-SU-2024:3842-1
SUSE-SU-2024:3851-1
SUSE-SU-2024:3852-1
SUSE-SU-2024:3855-1
SUSE-SU-2024:4122-1
SUSE-SU-2024:4123-1
SUSE-SU-2024:4124-1
SUSE-SU-2024:4214-1
SUSE-SU-2024:4216-1
SUSE-SU-2024:4218-1
SUSE-SU-2024:4226-1
SUSE-SU-2024:4234-1
SUSE-SU-2024:4235-1
SUSE-SU-2024:4242-1
SUSE-SU-2024:4256-1
SUSE-SU-2024:4263-1
SUSE-SU-2024:4264-1
SUSE-SU-2024:4266-1
SUSE-SU-2025:0101-1
SUSE-SU-2025:0103-1
SUSE-SU-2025:0106-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0150-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0240-1
SUSE-SU-2025:0244-1
SUSE-SU-2025:0248-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0266-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse