CVE-2022-50252

Опубликовано: 15 сент. 2025

Источник: redhat

CVSS3: 1.9

Описание

In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the original adapter->q_vector[v_idx] array position.

Отчет

The patch addresses a potential use-after-free in the Intel igb driver during q_vector reallocation under memory pressure. The issue occurs if kzalloc() fails while resizing q_vector. Exploitation is highly impractical, as it requires local root privileges and artificial OOM conditions. The impact is limited to a possible driver crash (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2395344kernel: igb: Do not free q_vector unless new one was allocated

1.9 Low

CVSS3

Связанные уязвимости

CVE-2022-50252

CVSS3: 7.8

ubuntu

5 месяцев назад

CVE-2022-50252

CVSS3: 7.8

nvd

5 месяцев назад

CVE-2022-50252

CVSS3: 7.8

debian

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: i ...

SUSE-SU-2025:3926-1

suse-cvrf

3 месяца назад

Security update for the Linux Kernel (Live Patch 72 for SLE 12 SP5)

GHSA-cp87-76w4-mfxp

CVSS3: 7.8

github

5 месяцев назад

1.9 Low

CVSS3