CVE-2022-48811

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc5-autotest-g6441998e2e37

Description The vulnerability is related to the ibmvnic component in the Linux kernel. When the ibmvnic open() function encounters an error, such as when setting link state, it calls release resources() which frees the napi structures needlessly. This can lead to a crash when running the drmgr command several times to add/remove a vnic interface. The issue is caused by a NULL pointer dereference on read at address 0x00000010. The vulnerability can be exploited by an attacker to cause a denial of service.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the ibmvnic component. Specifically, update to a version later than 5.16.0-rc5-autotest-g6441998e2e37. As a temporary workaround, consider disabling the ibmvnic open() function until a patch is available. Restrict access to the vulnerable ibmvnic component to minimize the risk of exploitation. Avoid using the drmgr command to add/remove vnic interfaces until the issue is resolved.