CVE-2022-48969

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel's xen-netfront component is related to resource management errors in the netfront resume() function. The issue arises when a NAPI is set up for each network sring to poll data to the kernel. During live migration, the sring with the source host is destroyed before the migration, and a new sring with the target host is set up after the migration. However, the NAPI for the old sring is not deleted until the new sring with the target host is set up after the migration. With busy poll/busy read enabled, the NAPI can be polled before it is deleted when the VM is resumed, leading to a kernel NULL pointer dereference. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.