CVE-2022-49858

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-49858

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitted SQE at the same index is processed in NAPI resulting losing SKB pointers, hence a leak. Fix this by checking a consumer index which is updated once CQE is processed.

References
Link Resource
https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d Patch
https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
History

10 Nov 2025, 21:03

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d - () https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d - Patch
References () https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb - () https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb - Patch
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux

02 May 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: Se corrige la comprobación del umbral de SQE. La forma actual de comprobar el recuento de SQE disponibles, basada en el recuento de SQB actualizado por hardware, podría provocar que el controlador envíe un SQE incluso antes de que se procese en NAPI el CQE del SQE previamente transmitido en el mismo índice, lo que resulta en la pérdida de punteros SKB y, por lo tanto, una fuga. Se soluciona esto comprobando un índice de consumidor que se actualiza una vez procesado el CQE.

01 May 2025, 15:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-01 15:16

Updated : 2025-11-10 21:03

NVD link : CVE-2022-49858

Mitre link : CVE-2022-49858

CVE.ORG link : CVE-2022-49858

JSON object : View

Products Affected

linux

CWE
NVD-CWE-noinfo