CVE-2022-48932
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48932
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48932.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48932
- Downstream
- Related
- Published
- 2024-08-22T03:31:25.989Z
- Modified
- 2025-12-04T11:42:16.688944Z
- Summary
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: DR, Fix slab-out-of-bounds in mlx5cmddrcreatefte
When adding a rule with 32 destinations, we hit the following out-of-band access issue:
BUG: KASAN: slab-out-of-bounds in mlx5cmddrcreatefte+0x18ee/0x1e70
This patch fixes the issue by both increasing the allocated buffers to accommodate for the needed actions and by checking the number of actions to prevent this issue when a rule with too many actions is provided.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48932.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0aec12d97b2036af0946e3d582144739860ac07b
- https://git.kernel.org/stable/c/4ad319cdfbe555b4ff67bc608736c46a6930c848
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48932.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-48932