PT-2022-7460 · Linux+4 · Linux Kernel+4

Published 2022-02-18 · Updated 2024-09-26 · CVE-2022-48850

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel's net-sysfs component can cause a panic when bringing down a network device or during system shutdown. This occurs because the device is already removed when the sysfs path is accessed. The issue is in the `speed_show` function, which does not check whether the network device is present before accessing it. This can lead to a NULL pointer dereference, resulting in a kernel panic. The vulnerability is triggered when the `mlx5_core` driver is used and the `dma_pool_alloc` function is called. The `cmd_exec`, `mlx5_cmd_exec`, `mlx5_core_access_reg`, `mlx5e_get_fec_caps`, `get_fec_supported_advertised`, `mlx5e_get_link_ksettings`, and `__ethtool_get_link_ksettings` functions are also involved in the vulnerability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2024-06531
CVE-2022-48850
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1
USN-7039-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse
Ubuntu