摘要:
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
When having multiple dests with termination tables and second one
or afterwards fails the driver reverts usage of term tables but
doesn't reset the assignment in attr->dests[num_vport_dests].termtbl
which case a use-after-free when releasing the rule.
Fix by resetting the assignment of termtbl to null.
安全等级: Low
公告ID: KylinSec-SA-2024-4347
发布日期: 2024年12月9日
关联CVE: CVE-2022-49025
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
When having multiple dests with termination tables and second one
or afterwards fails the driver reverts usage of term tables but
doesn't reset the assignment in attr->dests[num_vport_dests].termtbl
which case a use-after-free when releasing the rule.
Fix by resetting the assignment of termtbl to null.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-49025 | KY3.4-5 | kernel | Unaffected |
| CVE-2022-49025 | V6 | kernel | Unaffected |
