CVE-2022-48744

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a field-overflowing memcpy() in the net/mlx5e module of the Linux kernel. In preparation for FORTIFY SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), the code has been modified to avoid intentionally writing across neighboring fields. The vulnerability occurs when the compiler sees the target as being 2 bytes in size, but 18 bytes are copied, intending to write across the start, which is really vlan tci, 2 bytes. The remaining 16 bytes get written into wqe->data[0], covering byte count, lkey, and addr.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.