CVE-2022-48841

medium

Description

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that updates Tx ring stats. Currently only stats and bytes are updated when ring pointer is valid, but later on ring is accessed to propagate gathered Tx stats onto VSI stats. Change the existing logic to move to next ring when ring is NULL.

References

https://git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333

https://git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff

Details

Source: Mitre, NVD

Published: 2024-07-16

Updated: 2024-07-17

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H