In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
When adding a rule with 32 destinations, we hit the following out-of-bounds access issue:
BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70
This patch fixes the issue both by increasing the allocated buffers to accommodate the needed actions and by checking the number of actions, which prevents the out-of-bounds access when a rule with too many actions is provided.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0aec12d97b2036af0946e3d582144739860ac07b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-48932-5a6e03ba",
"target": {
"function": "mlx5_cmd_dr_create_fte",
"file": "drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c"
},
"digest": {
"length": 6320.0,
"function_hash": "338981200293300762860980081177968436763"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ad319cdfbe555b4ff67bc608736c46a6930c848",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-48932-8c57a6d3",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"216596212933225640322288627391155513124",
"180865714335865498604436801111302051540",
"111767627082465740914893286353064903858",
"200785796822028666114427039599211216715",
"152572407908431734999728570420950600986",
"82597094333744919793448582048427720626",
"145926988251808595051215989629995668111",
"106647224567268577882335451828319044074",
"12438038599717051096162320556554204804",
"84231179827800809897038190324506487738",
"42328169913703085620367812686437575107",
"333190053361692118042697664023103355411",
"244826675767885114822485139597903351733",
"248432208878037150162264922178597814348",
"197599737547015474591646888090421215282",
"170646371629662813045383411635890262787",
"143405835505511157132222269661565085772",
"100021450040953569878374601543329630322",
"261573322819414177631490294770990607382",
"264877700448160137915848236128625545887",
"248344212239528935689551678338978717863",
"234306812270975122793011148675499009355",
"298287434930606443707194120128132811593"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ad319cdfbe555b4ff67bc608736c46a6930c848",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-48932-cc869f93",
"target": {
"function": "mlx5_cmd_dr_create_fte",
"file": "drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c"
},
"digest": {
"length": 6212.0,
"function_hash": "197817099798214309383542006445479611359"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0aec12d97b2036af0946e3d582144739860ac07b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-48932-fdaf5dc6",
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"269374331545330156978633777238160134282",
"180865714335865498604436801111302051540",
"111767627082465740914893286353064903858",
"200785796822028666114427039599211216715",
"152572407908431734999728570420950600986",
"82597094333744919793448582048427720626",
"145926988251808595051215989629995668111",
"106647224567268577882335451828319044074",
"12438038599717051096162320556554204804",
"84231179827800809897038190324506487738",
"42328169913703085620367812686437575107",
"333190053361692118042697664023103355411",
"244826675767885114822485139597903351733",
"248432208878037150162264922178597814348",
"197599737547015474591646888090421215282",
"170646371629662813045383411635890262787",
"143405835505511157132222269661565085772",
"100021450040953569878374601543329630322",
"261573322819414177631490294770990607382",
"264877700448160137915848236128625545887",
"248344212239528935689551678338978717863",
"234306812270975122793011148675499009355",
"298287434930606443707194120128132811593"
]
},
"signature_type": "Line"
}
]