CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
In the Linux kernel, the following vulnerability has been resolved:
ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
It is possible to do NULL pointer dereference in routine that updates
Tx ring stats. Currently only stats and bytes are updated when ring
pointer is valid, but later on ring is accessed to propagate gathered Tx
stats onto VSI stats.
Change the existing logic to move to next ring when ring is NULL.
git.kernel.org/linus/f153546913bada41a811722f2c6d17c3243a0333 (5.17)
git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff
git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333
launchpad.net/bugs/cve/CVE-2022-48841
nvd.nist.gov/vuln/detail/CVE-2022-48841
security-tracker.debian.org/tracker/CVE-2022-48841
www.cve.org/CVERecord?id=CVE-2022-48841