PT-2025-25929 · Linux+7 · Linux Kernel+7
Published: 2022-08-22 · Updated: 2025-07-15 · CVE-2022-50003
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.19.0-rc7+
Description
A vulnerability in the Linux kernel has been resolved, related to the ice driver's XSK logic. The issue occurs when a user attempts to attach an XSK socket in tx-only mode at a queue id that does not have a corresponding Rx queue. This results in an out-of-bounds access to the Rx ring array. The vulnerability can be triggered by running specific commands, such as ethtool -L $IFACE rx 8 tx 96 and xdpsock -q 10 -t -z. The estimated number of potentially affected devices is not provided.
Recommendations
For Linux kernel versions prior to 5.19.0-rc7+, consider disabling the ice xsk pool setup function as a temporary workaround until a patch is available. Restrict access to the vulnerable xdpsock module to minimize the risk of exploitation. Avoid using the ethtool command with the -L option to configure queue settings until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
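The indexing error in the description, as an added example that is not taken from the ice driver or from this advisory: a simplified C model in which the queue id is checked against the Rx and Tx ring counts separately before either array is touched. The structure and function names are hypothetical; the counts 8 and 96 and the queue id 10 come from the commands quoted in the description.

```c
#include <errno.h>
#include <stdio.h>

#define NUM_RXQ 8    /* rx/tx counts from "ethtool -L $IFACE rx 8 tx 96" */
#define NUM_TXQ 96
#define TOUCHED_TX 0x1
#define TOUCHED_RX 0x2

/* Hypothetical, simplified ring state; not the ice driver's structures. */
struct ring_model { int xsk_bound; };

struct vsi_model {
    struct ring_model rx_rings[NUM_RXQ];
    struct ring_model tx_rings[NUM_TXQ];
    unsigned int num_rxq, num_txq;
};

/* Bug pattern: qid is trusted as an index into both arrays. With qid = 10
 * and only 8 Rx rings, the rx_rings access lands past the end of the array.
 * Kept for contrast only; main() never calls it. */
int xsk_attach_unchecked(struct vsi_model *vsi, unsigned int qid)
{
    vsi->tx_rings[qid].xsk_bound = 1;
    vsi->rx_rings[qid].xsk_bound = 1;   /* out of bounds when qid >= num_rxq */
    return TOUCHED_TX | TOUCHED_RX;
}

/* Guarded form: each array is indexed only if qid is below its own count.
 * Returns a mask of the rings touched, or -EINVAL if no ring exists at qid. */
int xsk_attach_checked(struct vsi_model *vsi, unsigned int qid)
{
    int touched = 0;
    if (qid < vsi->num_txq) {
        vsi->tx_rings[qid].xsk_bound = 1;
        touched |= TOUCHED_TX;
    }
    if (qid < vsi->num_rxq) {
        vsi->rx_rings[qid].xsk_bound = 1;
        touched |= TOUCHED_RX;
    }
    return touched ? touched : -EINVAL;
}

int main(void)
{
    struct vsi_model vsi = { .num_rxq = NUM_RXQ, .num_txq = NUM_TXQ };
    /* Tx-only attach at queue 10: only the Tx ring is touched (mask 0x1). */
    printf("qid 10 -> 0x%x\n", (unsigned int)xsk_attach_checked(&vsi, 10));
    return 0;
}
```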
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Centos
Linux Kernel
Red Hat
Suse
Ethtool
Iedriver
Xdpsock