{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48864", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.920Z", "datePublished": "2024-07-16T12:25:27.144Z", "dateUpdated": "2025-05-04T08:24:59.139Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:24:59.139Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\n\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "versions": [{"version": "52893733f2c5886fc74be6c386d12b59a3f581df", "lessThan": "e7e118416465f2ba8b55007e5b789823e101421e", "status": "affected", "versionType": "git"}, {"version": "52893733f2c5886fc74be6c386d12b59a3f581df", "lessThan": "9f6effca75626c7a7c7620dabcb1a254ca530230", "status": "affected", "versionType": "git"}, {"version": "52893733f2c5886fc74be6c386d12b59a3f581df", "lessThan": "ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.29", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.15", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.15.29"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.16.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}], "title": "vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:22.300777Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:07.092Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:22.300777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.756Z"}}], "cna": {"title": "vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "52893733f2c5", "lessThan": "e7e118416465", "versionType": "git"}, {"status": "affected", "version": "52893733f2c5", "lessThan": "9f6effca7562", "versionType": "git"}, {"status": "affected", "version": "52893733f2c5", "lessThan": "ed0f849fc3a6", "versionType": "git"}], "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.29", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.15", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/vdpa/mlx5/net/mlx5_vnet.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\n\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T12:25:27.144Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48864", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:07.092Z", "dateReserved": "2024-07-16T11:38:08.920Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T12:25:27.144Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "16671FB9-DA97-4162-A46E-218CDB4770CD", "versionEndExcluding": "5.15.29", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335", "versionEndExcluding": "5.16.15", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\n\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vdpa/mlx5: agregar validaci\u00f3n para el comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET Cuando control vq recibe una solicitud de comando VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET del controlador, actualmente no hay validaci\u00f3n contra el n\u00famero de pares de colas para configurar, o incluso si La multicola se hab\u00eda negociado o no no est\u00e1 verificada. Esto puede provocar p\u00e1nico en el kernel debido a recursos no inicializados para las colas si hubo alguna solicitud falsa enviada por un controlador que no es de confianza. Ata los cabos sueltos all\u00ed."}], "id": "CVE-2022-48864", "lastModified": "2024-11-21T07:34:14.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T13:15:13.233", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f6effca75626c7a7c7620dabcb1a254ca530230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7e118416465f2ba8b55007e5b789823e101421e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ed0f849fc3a63ed2ddf5e72cdb1de3bdbbb0f8eb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command", "id": "2298208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298208"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-455", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nWhen control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command\nrequest from the driver, presently there is no validation against the\nnumber of queue pairs to configure, or even if multiqueue had been\nnegotiated or not is unverified. This may lead to kernel panic due to\nuninitialized resource for the queues were there any bogus request\nsent down by untrusted driver. Tie up the loose ends there."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48864", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48864\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48864\nhttps://lore.kernel.org/linux-cve-announce/2024071629-CVE-2022-48864-2b26@gregkh/T"], "threat_severity": "Moderate"}