NULL Pointer Dereference Affecting bpftool package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-BPFTOOL-6743139
- published 30 Apr 2024
- disclosed 28 Apr 2024
Introduced: 28 Apr 2024
CVE-2022-48648 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7
bpftool
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream bpftool
package and not the bpftool
package as distributed by Centos
.
See How to fix?
for Centos:7
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix null pointer dereference in efx_hard_start_xmit
Trying to get the channel from the tx_queue variable here is wrong because we can only be here if tx_queue is NULL, so we shouldn't dereference it. As the above comment in the code says, this is very unlikely to happen, but it's wrong anyway so let's fix it.
I hit this issue because of a different bug that caused tx_queue to be NULL. If that happens, this is the error message that we get here: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [...] RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]
References
- https://access.redhat.com/security/cve/CVE-2022-48648
- https://git.kernel.org/stable/c/0a242eb2913a4aa3d6fbdb86559f27628e9466f3
- https://git.kernel.org/stable/c/8547c7bfc0617e7184e4da65b9b96681fcfe9998
- https://git.kernel.org/stable/c/b3b41d4d95d3822b2e459ecbc80d030ea6aec5e7
- https://git.kernel.org/stable/c/b3b952168ee1f220ba729fa100fd9d5aa752eb03