PT-2022-7444 · Linux+3 · Linux Kernel+3
Ivan Vecera · Published 2022-09-02 · Updated 2025-01-24 · CVE-2022-48688
CVSS v3.1
5.5
Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.19.0
Description
The vulnerability is in the i40e driver in the Linux kernel. It causes a kernel crash during module removal due to the incorrect freeing of a client instance. This happens when two offline tests are performed consecutively, leading to an IRDMA driver failure, which is then indicated back to the i40e_client_subtask() function. This function calls i40e_client_del_instance() to free the client instance, setting the pointer to NULL. However, during module removal, i40e_remove() calls i40e_lan_del_device(), which dereferences the NULL pointer, resulting in a crash.
To mitigate this issue, it is recommended to avoid removing the client instance when client open callbacks fail and instead clear the __I40E_CLIENT_INSTANCE_OPENED bit. Additionally, the driver should handle the situation where the network device is up and the client is not opened in the i40e_notify_client_of_netdev_close() function, calling the client close callback only when __I40E_CLIENT_INSTANCE_OPENED is set.
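The lifetime error described above, as an added user-space model (not the i40e driver's code): the pre-fix path frees the instance when open fails, the fixed path only clears the opened bit, and removal reports -1 where the kernel would dereference NULL. All struct and function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; all names are hypothetical stand-ins, not driver code. */
#define INSTANCE_OPENED 0x1u /* models __I40E_CLIENT_INSTANCE_OPENED */
struct client_inst { unsigned state; int close_calls; };
struct pf { struct client_inst *cinst; };

/* Subtask path taken after the client's open callback has failed. */
static void subtask_open_failed(struct pf *pf, int fixed)
{
    pf->cinst->state &= ~INSTANCE_OPENED;
    if (!fixed) {               /* pre-fix: also delete the instance */
        free(pf->cinst);
        pf->cinst = NULL;
    }
}

/* Netdev close notification: call close only when the client is opened. */
static void notify_close(struct pf *pf)
{
    if (pf->cinst && (pf->cinst->state & INSTANCE_OPENED))
        pf->cinst->close_calls++;
}

/* Module removal: the kernel dereferences cinst here; the model returns -1. */
static int remove_device(struct pf *pf)
{
    if (!pf->cinst)
        return -1;
    free(pf->cinst);
    return 0;
}

int run_sequence(int fixed, int *close_calls)
{
    struct pf pf = { calloc(1, sizeof(struct client_inst)) };
    if (!pf.cinst) return -2;
    pf.cinst->state |= INSTANCE_OPENED; /* bit is set, then open fails */
    subtask_open_failed(&pf, fixed);
    notify_close(&pf);                  /* netdev close before removal */
    *close_calls = pf.cinst ? pf.cinst->close_calls : 0;
    return remove_device(&pf);
}

int main(void)
{
    int calls, before = run_sequence(0, &calls), after = run_sequence(1, &calls);
    printf("pre-fix: %d  fixed: %d  close calls: %d\n", before, after, calls);
    return 0;
}
```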
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. If an update is not available, consider temporarily disabling the i40e driver or restricting its use to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse