Input validation error in Linux kernel ethernet hisilicon driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-48962 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU99208
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48962
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 6.1 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885
https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a
https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e
https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca
https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506
https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942
https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a7507a5ba06ebb9
https://git.kernel.org/stable/c/4640177049549de1a43e9bc49265f0cdfce08cfd
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
