Vulnerability-Lookup

BDU:2024-06531

Vulnerability from fstec - Published: 18.02.2022

Title

Уязвимость функции speed_show() в компоненте net-sysfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции speed_show() в компоненте net-sysfs ядра операционной системы Linux связана с проверкой наличия сетевого устройства в speed_show. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «Ред Софт», Сообщество свободного программного обеспечения

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Linux

Software Version

7.3 (РЕД ОС), от 4.10 до 4.14.271 включительно (Linux), от 4.15 до 4.19.234 включительно (Linux), от 5.16.0 до 5.16.14 включительно (Linux), от 4.0 до 4.9.306 включительно (Linux), от 4.20 до 5.4.184 включительно (Linux), от 5.5 до 5.10.105 включительно (Linux), от 5.11 до 5.15.28 включительно (Linux)

Possible Mitigations

Для Linux: https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204 https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624 https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2 https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6 https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2 https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.272 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.307 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.185 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://git.kernel.org/linus/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624 https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204 https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624 https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2 https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6 https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2 https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.272 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.307 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.185 https://lore.kernel.org/linux-cve-announce/2024071625-CVE-2022-48850-247b@gregkh/ https://redos.red-soft.ru/support/secure/ https://ubuntu.com/security/notices/USN-7039-1 https://www.cve.org/CVERecord?id=CVE-2022-48850

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 4.10 \u0434\u043e 4.14.271 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.234 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16.0 \u0434\u043e 5.16.14 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.0 \u0434\u043e 4.9.306 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.184 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.105 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.28 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad \nhttps://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204 \nhttps://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624 \nhttps://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f \nhttps://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2 \nhttps://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6 \nhttps://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2 \nhttps://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.272\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.307\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.185\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.02.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06531",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-48850",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20 \u0434\u043e 5.4.185 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.29 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 5.16.15 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.106 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.10 \u0434\u043e 4.14.272 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.15 \u0434\u043e 4.19.235 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.9.307 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 speed_show() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 net-sysfs \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 speed_show() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 net-sysfs \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432 speed_show. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/linus/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624\nhttps://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad\nhttps://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204\nhttps://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624\nhttps://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f\nhttps://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2\nhttps://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6\nhttps://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2\nhttps://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.272\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.235\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.307\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.106\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.29\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.185\nhttps://lore.kernel.org/linux-cve-announce/2024071625-CVE-2022-48850-247b@gregkh/\nhttps://redos.red-soft.ru/support/secure/\nhttps://ubuntu.com/security/notices/USN-7039-1\nhttps://www.cve.org/CVERecord?id=CVE-2022-48850",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2022-48850 (GCVE-0-2022-48850)

Vulnerability from cvelistv5 – Published: 2024-07-16 12:25 – Updated: 2025-12-23 13:20

Title

net-sysfs: add check for netdevice being present to speed_show

Summary

In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed. [ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called [ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called ... [ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null) [ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280 crash> bt ... PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd" ... #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778 [exception RIP: dma_pool_alloc+0x1ab] RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046 RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090 RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00 R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0 R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core] #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core] #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core] #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core] #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core] #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core] #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core] #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46 #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208 #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3 #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596 #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10 #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5 #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92 crash> net_device.state ffff89443b0c0000 state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER) To prevent this scenario, we also make sure that the netdevice is present.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a7b9ab04c5932dee7…
	https://git.kernel.org/stable/c/081369ad088a76429…
	https://git.kernel.org/stable/c/75fc8363227a999e8…
	https://git.kernel.org/stable/c/8879b5313e9fa5e0c…
	https://git.kernel.org/stable/c/d15c9f6e3335002fe…
	https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab…
	https://git.kernel.org/stable/c/3a79f380b3e10edf6…
	https://git.kernel.org/stable/c/4224cfd7fb6523f7a…

Impacted products

Vendor

Product

Version

Linux

Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 081369ad088a76429984483b8a5f7e967a125aad (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 75fc8363227a999e8f3d17e2eb28dce5600dcd3f (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 8879b5313e9fa5e0c6d6812a0d25d83aed0110e2 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < d15c9f6e3335002fea1c33bc8f71a705fa96976c (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 3a79f380b3e10edf6caa9aac90163a5d7a282204 (git)
Affected: d519e17e2d01a0ee9abe083019532061b4438065 , < 4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624 (git)

Linux

Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 4.9.307 , ≤ 4.9.* (semver)
Unaffected: 4.14.272 , ≤ 4.14.* (semver)
Unaffected: 4.19.235 , ≤ 4.19.* (semver)
Unaffected: 5.4.185 , ≤ 5.4.* (semver)
Unaffected: 5.10.106 , ≤ 5.10.* (semver)
Unaffected: 5.15.29 , ≤ 5.15.* (semver)
Unaffected: 5.16.15 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48850",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:56:25.657269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:08.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/net-sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "081369ad088a76429984483b8a5f7e967a125aad",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "75fc8363227a999e8f3d17e2eb28dce5600dcd3f",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "8879b5313e9fa5e0c6d6812a0d25d83aed0110e2",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "d15c9f6e3335002fea1c33bc8f71a705fa96976c",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "3a79f380b3e10edf6caa9aac90163a5d7a282204",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            },
            {
              "lessThan": "4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624",
              "status": "affected",
              "version": "d519e17e2d01a0ee9abe083019532061b4438065",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/net-sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.272",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.185",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.307",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.272",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.235",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.185",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.106",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.29",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.15",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet-sysfs: add check for netdevice being present to speed_show\n\nWhen bringing down the netdevice or system shutdown, a panic can be\ntriggered while accessing the sysfs path because the device is already\nremoved.\n\n    [  755.549084] mlx5_core 0000:12:00.1: Shutdown was called\n    [  756.404455] mlx5_core 0000:12:00.0: Shutdown was called\n    ...\n    [  757.937260] BUG: unable to handle kernel NULL pointer dereference at           (null)\n    [  758.031397] IP: [\u003cffffffff8ee11acb\u003e] dma_pool_alloc+0x1ab/0x280\n\n    crash\u003e bt\n    ...\n    PID: 12649  TASK: ffff8924108f2100  CPU: 1   COMMAND: \"amsd\"\n    ...\n     #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778\n        [exception RIP: dma_pool_alloc+0x1ab]\n        RIP: ffffffff8ee11acb  RSP: ffff89240e1a3968  RFLAGS: 00010046\n        RAX: 0000000000000246  RBX: ffff89243d874100  RCX: 0000000000001000\n        RDX: 0000000000000000  RSI: 0000000000000246  RDI: ffff89243d874090\n        RBP: ffff89240e1a39c0   R8: 000000000001f080   R9: ffff8905ffc03c00\n        R10: ffffffffc04680d4  R11: ffffffff8edde9fd  R12: 00000000000080d0\n        R13: ffff89243d874090  R14: ffff89243d874080  R15: 0000000000000000\n        ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n    #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]\n    #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]\n    #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]\n    #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]\n    #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]\n    #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]\n    #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]\n    #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46\n    #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208\n    #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3\n    #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf\n    #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596\n    #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10\n    #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5\n    #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff\n    #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f\n    #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92\n\n    crash\u003e net_device.state ffff89443b0c0000\n      state = 0x5  (__LINK_STATE_START| __LINK_STATE_NOCARRIER)\n\nTo prevent this scenario, we also make sure that the netdevice is present."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:20:56.947Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad"
        },
        {
          "url": "https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204"
        },
        {
          "url": "https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624"
        }
      ],
      "title": "net-sysfs: add check for netdevice being present to speed_show",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48850",
    "datePublished": "2024-07-16T12:25:17.824Z",
    "dateReserved": "2024-07-16T11:38:08.912Z",
    "dateUpdated": "2025-12-23T13:20:56.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-06531

CVE-2022-48850 (GCVE-0-2022-48850)

Tags

Sightings

Nomenclature