Improper Handling of Length Parameter Inconsistency Affecting kernel-zfcpdump-modules package, versions <0:4.18.0-477.10.1.el8_8
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELZFCPDUMPMODULES-7801192
- published 22 Aug 2024
- disclosed 21 Aug 2024
Introduced: 21 Aug 2024
CVE-2022-48883 Open this link in a new tabHow to fix?
Upgrade RHEL:8
kernel-zfcpdump-modules
to version 0:4.18.0-477.10.1.el8_8 or higher.
This issue was patched in RHSA-2023:2951
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump-modules
package and not the kernel-zfcpdump-modules
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
A user is able to configure an arbitrary number of rx queues when creating an interface via netlink. This doesn't work for child PKEY interfaces because the child interface uses the parent receive channels.
Although the child shares the parent's receive channels, the number of rx queues is important for the channel_stats array: the parent's rx channel index is used to access the child's channel_stats. So the array has to be at least as large as the parent's rx queue size for the counting to work correctly and to prevent out of bound accesses.
This patch checks for the mentioned scenario and returns an error when trying to create the interface. The error is propagated to the user.