CVE-2022-48882

{"id": "CVE-2022-48882", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-21T07:15:04.863", "references": [{"url": "https://git.kernel.org/stable/c/514d9c6a39213d8200884e70f60ce7faef1ee597", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9828994ac492e8e7de47fe66097b7e665328f348", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)\n\nUpon updating MAC security entity (SecY) in hw offload path, the macsec\nsecurity association (SA) initialization routine is called. In case of\nextended packet number (epn) is enabled the salt and ssci attributes are\nretrieved using the MACsec driver rx_sa context which is unavailable when\nupdating a SecY property such as encoding-sa hence the null dereference.\nFix by using the provided SA to set those attributes."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: corrige la posible desreferencia nula de macsec al actualizar la entidad de seguridad MAC (SecY) Al actualizar la entidad de seguridad MAC (SecY) en la ruta de descarga de hw, se inicializa la asociaci\u00f3n de seguridad (SA) de macsec se llama rutina. En caso de que el n\u00famero de paquete extendido (epn) est\u00e9 habilitado, los atributos salt y ssci se recuperan utilizando el contexto rx_sa del controlador MACsec que no est\u00e1 disponible al actualizar una propiedad SecY como encoding-sa, de ah\u00ed la desreferencia nula. Solucione utilizando el SA proporcionado para establecer esos atributos."}], "lastModified": "2024-08-29T02:36:29.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "043B7290-EDB8-4ACE-A87A-8FA7D130B565", "versionEndExcluding": "6.1.7", "versionStartIncluding": "6.1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}