CVE-2022-48934

nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()

Description

In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5ad5886f85b6bd893e3ed19013765fb0c243c069 patch
https://git.kernel.org/stable/c/af4bc921d39dffdb83076e0a7eed1321242b7d87 patch
https://git.kernel.org/stable/c/9d8097caa73200710d52b9f4d9f430548f46a900 patch
https://git.kernel.org/stable/c/4086d2433576baf85f0e538511df97c8101e0a10 patch
https://git.kernel.org/stable/c/3a14d0888eb4b0045884126acc69abfb7b87814d patch

Frequently Asked Questions

What is the severity of CVE-2022-48934?
CVE-2022-48934 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48934?
To fix CVE-2022-48934, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48934 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48934 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48934?
CVE-2022-48934 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.