CVE-2022-48883

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel, specifically in the net/mlx5e module, related to IPoIB and Block PKEY interfaces with less rx queues than the parent. The issue arises when a user configures an arbitrary number of rx queues via netlink, which does not work for child PKEY interfaces because they use the parent's receive channels. The number of rx queues is crucial for the channel stats array, as the parent's rx channel index is used to access the child's channel stats. To prevent out of bound accesses, the array must be at least as large as the parent's rx queue size. The patch checks for this scenario and returns an error when trying to create the interface, propagating the error to the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.