CVE-2022-48932

net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch fixes the issue by both increasing the allocated buffers to accommodate for the needed actions and by checking the number of actions to prevent this issue when a rule with too many actions is provided.

References

Link	Tags
https://git.kernel.org/stable/c/4ad319cdfbe555b4ff67bc608736c46a6930c848	patch
https://git.kernel.org/stable/c/0aec12d97b2036af0946e3d582144739860ac07b	patch

Frequently Asked Questions

What is the severity of CVE-2022-48932?: CVE-2022-48932 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48932?: To fix CVE-2022-48932, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48932 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-48932 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48932?: CVE-2022-48932 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-125 – Out-of-bounds Read

References

Frequently Asked Questions