net/mlx5e: Avoid field-overflowing memcpy()
CVE-2022-48744

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
20 June 2024

What is CVE-2022-48744?

A vulnerability has been identified in the Linux kernel specifically affecting the mlx5e network driver, where improper handling of the memcpy() function allows for potential field overflow. The issue arises during the preparation for compile-time and runtime field bounds checking in operations involving memcpy(), memmove(), and memset(). The flawed implementation can cause unintended writing across neighboring fields in data structures, particularly when handling inline headers and data segments. This vulnerability has been mitigated by transitioning from zero-element arrays to flexible arrays and separating memcpy() operations to enable proper bounds checking by the compiler. This change aims to prevent memory corruption and enhance the overall robustness of the kernel's memory management.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux b5503b994ed5ed8dbfe821317e7b5b38acb065c5 < 49bcbe531f79fc35bb10020f7695f9f01e4f0ca8

Linux b5503b994ed5ed8dbfe821317e7b5b38acb065c5 < 8fbdf8c8b8ab82beab882175157650452c46493e

Linux b5503b994ed5ed8dbfe821317e7b5b38acb065c5

References

https://git.kernel.org/stable/c/49bcbe531f79fc35bb10020f7...
https://git.kernel.org/stable/c/8fbdf8c8b8ab82beab8821751...
https://git.kernel.org/stable/c/ad5185735f7dab342fdd0dd41...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.