#VU99207 Input validation error in Linux kernel - CVE-2022-48960
Published: October 22, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU99207
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48960
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4
- https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f
- https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a
- https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c
- https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc
- https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387
- https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262
- https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1