PT-2022-7509 · Linux+3 · Linux Kernel+3

Published

2022-03-14

·

Updated

2024-09-16

·

CVE-2022-48835

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.89-altav-1
Description A vulnerability in the Linux kernel's mpt3sas component can cause a page fault when processing a reply queue. This occurs when the mpt3sas base sync reply irqs function uses an invalid reply q pointer outside of the list for each entry loop, resulting in an invalid pointer at the end of the full list traversal. The issue can lead to a denial of service.
To resolve the issue, move the base process reply queue call inside the loop to prevent the use of an invalid reply q pointer.
Recommendations For Linux kernel versions prior to 5.10.89-altav-1, update to a newer version that includes the fix for this vulnerability. Specifically, ensure that the base process reply queue call is moved inside the loop in the mpt3sas base sync reply irqs function to prevent the use of an invalid reply q pointer.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-763

Related Identifiers

BDU:2024-06686
CVE-2022-48835
OPENSUSE-SU-2024_2947-1
OPENSUSE-SU-2024_3249-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3225-1
SUSE-SU-2024:3249-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse