DEBIAN-CVE-2022-49626

Source
https://security-tracker.debian.org/tracker/CVE-2022-49626
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49626.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-49626
Upstream
Published
2025-02-26T07:01:37Z
Modified
2025-10-14T04:26:16.560018Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix use after free when disabling sriov

Use after free is detected by kfence when disabling sriov. What was read after being freed was vf->pci_dev: it was freed from pci_disable_sriov and later read in efx_ef10_sriov_free_vf_vports, called from efx_ef10_sriov_free_vf_vswitching.

Set the pointer to NULL at release time to avoid trying to read it later.

Reproducer and dmesg log (note that kfence doesn't detect it every time):

    $ echo 1 > /sys/class/net/enp65s0f0np0/device/sriov_numvfs
    $ echo 0 > /sys/class/net/enp65s0f0np0/device/sriov_numvfs

    BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]

    Use-after-free read at 0x00000000ff3c1ba5 (in kfence-#224):
     efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]
     efx_ef10_pci_sriov_disable+0x38/0x70 [sfc]
     efx_pci_sriov_configure+0x24/0x40 [sfc]
     sriov_numvfs_store+0xfe/0x140
     kernfs_fop_write_iter+0x11c/0x1b0
     new_sync_write+0x11f/0x1b0
     vfs_write+0x1eb/0x280
     ksys_write+0x5f/0xe0
     do_syscall_64+0x5c/0x80
     entry_SYSCALL_64_after_hwframe+0x44/0xae

    kfence-#224: 0x00000000edb8ef95-0x00000000671f5ce1, size=2792, cache=kmalloc-4k

    allocated by task 6771 on cpu 10 at 3137.860196s:
     pci_alloc_dev+0x21/0x60
     pci_iov_add_virtfn+0x2a2/0x320
     sriov_enable+0x212/0x3e0
     efx_ef10_sriov_configure+0x67/0x80 [sfc]
     efx_pci_sriov_configure+0x24/0x40 [sfc]
     sriov_numvfs_store+0xba/0x140
     kernfs_fop_write_iter+0x11c/0x1b0
     new_sync_write+0x11f/0x1b0
     vfs_write+0x1eb/0x280
     ksys_write+0x5f/0xe0
     do_syscall_64+0x5c/0x80
     entry_SYSCALL_64_after_hwframe+0x44/0xae

    freed by task 6771 on cpu 12 at 3170.991309s:
     device_release+0x34/0x90
     kobject_cleanup+0x3a/0x130
     pci_iov_remove_virtfn+0xd9/0x120
     sriov_disable+0x30/0xe0
     efx_ef10_pci_sriov_disable+0x57/0x70 [sfc]
     efx_pci_sriov_configure+0x24/0x40 [sfc]
     sriov_numvfs_store+0xfe/0x140
     kernfs_fop_write_iter+0x11c/0x1b0
     new_sync_write+0x11f/0x1b0
     vfs_write+0x1eb/0x280
     ksys_write+0x5f/0xe0
     do_syscall_64+0x5c/0x80
     entry_SYSCALL_64_after_hwframe+0x44/0xae

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.136-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.18.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}