PT-2024-8447 · Linux+3 · Linux Kernel+3

Published: 2022-09-08 · Updated: 2025-01-24

CVE-2022-48652

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The vulnerability is related to a race condition in the Linux kernel's ice component, which can cause a crash when updating Traffic Classes (TCs) with more configurations than allocated queues. This issue arises when the number of allocated queues is less than the number of Traffic Classes, or when the TC configuration is updated due to Link Layer Discovery Protocol (LLDP) after initially setting fewer queues. The ice_vsi_cfg_tc() function fails and leaves dirty num_txq/rxq and tc_cfg in the vsi, resulting in invalid pointer access. This can lead to a general protection fault and potentially cause a denial-of-service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2024-10006
CVE-2022-48652
OESA-2024-1706
OESA-2024-1707
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2189-1
SUSE-SU-2025:0231-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse