Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-48949

Опубликовано: 21 окт. 2024
Источник: redhat
CVSS3: 4.7

Описание

In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.

Отчет

Only small memory leak possible for specific case, so security impact is limited.

Меры по смягчению последствий

To mitigate this issue, prevent module igb from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2320667kernel: igb: Initialize mailbox message for VF reset

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-48949

CVSS3: 5.5
ubuntu
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.

nvd логотип

CVE-2022-48949

CVSS3: 5.5
nvd
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.

debian логотип

CVE-2022-48949

CVSS3: 5.5
debian
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

github логотип

GHSA-2jwm-7wcx-f364

CVSS3: 5.5
github
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.

fstec логотип

BDU:2025-01693

CVSS3: 5.5
fstec
больше 2 лет назад

Уязвимость компонента igb ядра операционной системы Linux, позволяющая нарушителю повысить привилегии в системе

4.7 Medium

CVSS3