In the Linux kernel, the following vulnerability has been resolved:
qede: confirm skb is allocated before using
qedebuildskb() assumes buildskb() always works and goes straight to skbreserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to reserve is NULL.
Add a check in case build_skb() failed to allocate and return NULL.
The NULL return is handled correctly in callers to qedebuildskb().
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9bdce2359b5f4986eb38d1e81865b3586cc20d2", "signature_type": "Function", "target": { "function": "qede_build_skb", "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "length": 301.0, "function_hash": "128171979566276318313041783422349543935" }, "id": "CVE-2022-49084-50c1b0ed" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c9bdce2359b5f4986eb38d1e81865b3586cc20d2", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "line_hashes": [ "130343076821402670276937791855405580794", "332045171949630989622206218165216195057", "291080625365870463580581005878500149309" ], "threshold": 0.9 }, "id": "CVE-2022-49084-79756671" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@034a92c6a81048128fc7b18d278d52438a13902a", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "line_hashes": [ "130343076821402670276937791855405580794", "332045171949630989622206218165216195057", "291080625365870463580581005878500149309" ], "threshold": 0.9 }, "id": "CVE-2022-49084-8eb9ed58" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8928239e5e2e460d95b8a0b89f61671625e7ece0", "signature_type": "Function", "target": { "function": "qede_build_skb", "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "length": 301.0, "function_hash": "128171979566276318313041783422349543935" }, "id": "CVE-2022-49084-8f6de40b" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4e910dbe36508654a896d5735b318c0b88172570", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "line_hashes": [ "130343076821402670276937791855405580794", "332045171949630989622206218165216195057", "291080625365870463580581005878500149309" ], "threshold": 0.9 }, "id": "CVE-2022-49084-9773ad61" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e1fd0c42acfa22bb34d2ab6a111484f466ab8093", "signature_type": "Function", "target": { "function": "qede_build_skb", "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "length": 301.0, "function_hash": "128171979566276318313041783422349543935" }, "id": "CVE-2022-49084-b1c092f3" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8928239e5e2e460d95b8a0b89f61671625e7ece0", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "line_hashes": [ "130343076821402670276937791855405580794", "332045171949630989622206218165216195057", "291080625365870463580581005878500149309" ], "threshold": 0.9 }, "id": "CVE-2022-49084-bace45bd" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@034a92c6a81048128fc7b18d278d52438a13902a", "signature_type": "Function", "target": { "function": "qede_build_skb", "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "length": 301.0, "function_hash": "128171979566276318313041783422349543935" }, "id": "CVE-2022-49084-e3c4184c" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e1fd0c42acfa22bb34d2ab6a111484f466ab8093", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "line_hashes": [ "130343076821402670276937791855405580794", "332045171949630989622206218165216195057", "291080625365870463580581005878500149309" ], "threshold": 0.9 }, "id": "CVE-2022-49084-e7b370f1" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4e910dbe36508654a896d5735b318c0b88172570", "signature_type": "Function", "target": { "function": "qede_build_skb", "file": "drivers/net/ethernet/qlogic/qede/qede_fp.c" }, "deprecated": false, "digest": { "length": 301.0, "function_hash": "128171979566276318313041783422349543935" }, "id": "CVE-2022-49084-f8315b11" } ] }