{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2022-48652",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-02-25T13:44:28.317Z",
        "datePublished": "2024-04-28T13:00:47.842Z",
        "dateUpdated": "2024-08-03T15:17:55.623Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:10:54.506Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix crash by keep old cfg when update TCs more than queues\n\nThere are problems if allocated queues less than Traffic Classes.\n\nCommit a632b2a4c920 (\"ice: ethtool: Prohibit improper channel config\nfor DCB\") already disallow setting less queues than TCs.\n\nAnother case is if we first set less queues, and later update more TCs\nconfig due to LLDP, ice_vsi_cfg_tc() will failed but left dirty\nnum_txq/rxq and tc_cfg in vsi, that will cause invalid pointer access.\n\n[   95.968089] ice 0000:3b:00.1: More TCs defined than queues/rings allocated.\n[   95.968092] ice 0000:3b:00.1: Trying to use more Rx queues (8), than were allocated (1)!\n[   95.968093] ice 0000:3b:00.1: Failed to config TC for VSI index: 0\n[   95.969621] general protection fault: 0000 [#1] SMP NOPTI\n[   95.969705] CPU: 1 PID: 58405 Comm: lldpad Kdump: loaded Tainted: G     U  W  O     --------- -t - 4.18.0 #1\n[   95.969867] Hardware name: O.E.M/BC11SPSCB10, BIOS 8.23 12/30/2021\n[   95.969992] RIP: 0010:devm_kmalloc+0xa/0x60\n[   95.970052] Code: 5c ff ff ff 31 c0 5b 5d 41 5c c3 b8 f4 ff ff ff eb f4 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 89 d1 <8b> 97 60 02 00 00 48 8d 7e 18 48 39 f7 72 3f 55 89 ce 53 48 8b 4c\n[   95.970344] RSP: 0018:ffffc9003f553888 EFLAGS: 00010206\n[   95.970425] RAX: dead000000000200 RBX: ffffea003c425b00 RCX: 00000000006080c0\n[   95.970536] RDX: 00000000006080c0 RSI: 0000000000000200 RDI: dead000000000200\n[   95.970648] RBP: dead000000000200 R08: 00000000000463c0 R09: ffff888ffa900000\n[   95.970760] R10: 0000000000000000 R11: 0000000000000002 R12: ffff888ff6b40100\n[   95.970870] R13: ffff888ff6a55018 R14: 0000000000000000 R15: ffff888ff6a55460\n[   95.970981] FS:  00007f51b7d24700(0000) GS:ffff88903ee80000(0000) knlGS:0000000000000000\n[   95.971108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   95.971197] CR2: 00007fac5410d710 CR3: 0000000f2c1de002 CR4: 00000000007606e0\n[   95.971309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[   95.971419] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[   95.971530] PKRU: 55555554\n[   95.971573] Call Trace:\n[   95.971622]  ice_setup_rx_ring+0x39/0x110 [ice]\n[   95.971695]  ice_vsi_setup_rx_rings+0x54/0x90 [ice]\n[   95.971774]  ice_vsi_open+0x25/0x120 [ice]\n[   95.971843]  ice_open_internal+0xb8/0x1f0 [ice]\n[   95.971919]  ice_ena_vsi+0x4f/0xd0 [ice]\n[   95.971987]  ice_dcb_ena_dis_vsi.constprop.5+0x29/0x90 [ice]\n[   95.972082]  ice_pf_dcb_cfg+0x29a/0x380 [ice]\n[   95.972154]  ice_dcbnl_setets+0x174/0x1b0 [ice]\n[   95.972220]  dcbnl_ieee_set+0x89/0x230\n[   95.972279]  ? dcbnl_ieee_del+0x150/0x150\n[   95.972341]  dcb_doit+0x124/0x1b0\n[   95.972392]  rtnetlink_rcv_msg+0x243/0x2f0\n[   95.972457]  ? dcb_doit+0x14d/0x1b0\n[   95.972510]  ? __kmalloc_node_track_caller+0x1d3/0x280\n[   95.972591]  ? rtnl_calcit.isra.31+0x100/0x100\n[   95.972661]  netlink_rcv_skb+0xcf/0xf0\n[   95.972720]  netlink_unicast+0x16d/0x220\n[   95.972781]  netlink_sendmsg+0x2ba/0x3a0\n[   95.975891]  sock_sendmsg+0x4c/0x50\n[   95.979032]  ___sys_sendmsg+0x2e4/0x300\n[   95.982147]  ? kmem_cache_alloc+0x13e/0x190\n[   95.985242]  ? __wake_up_common_lock+0x79/0x90\n[   95.988338]  ? __check_object_size+0xac/0x1b0\n[   95.991440]  ? _copy_to_user+0x22/0x30\n[   95.994539]  ? move_addr_to_user+0xbb/0xd0\n[   95.997619]  ? __sys_sendmsg+0x53/0x80\n[   96.000664]  __sys_sendmsg+0x53/0x80\n[   96.003747]  do_syscall_64+0x5b/0x1d0\n[   96.006862]  entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nOnly update num_txq/rxq when passed check, and restore tc_cfg if setup\nqueue map failed."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/ethernet/intel/ice/ice_lib.c"
                    ],
                    "versions": [
                        {
                            "version": "a632b2a4c920",
                            "lessThan": "7c945e5b4787",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "a632b2a4c920",
                            "lessThan": "a509702cac95",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/ethernet/intel/ice/ice_lib.c"
                    ],
                    "versions": [
                        {
                            "version": "5.19",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "5.19",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.19.12",
                            "lessThanOrEqual": "5.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.0",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/7c945e5b4787db47d728120b56c934ba05f99864"
                },
                {
                    "url": "https://git.kernel.org/stable/c/a509702cac95a8b450228a037c8542f57e538e5b"
                }
            ],
            "title": "ice: Fix crash by keep old cfg when update TCs more than queues",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "title": "CISA ADP Vulnrichment",
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2022-48652",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-05-28T18:39:48.506464Z"
                            }
                        }
                    }
                ],
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-04T17:16:36.260Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-03T15:17:55.623Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/7c945e5b4787db47d728120b56c934ba05f99864",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/a509702cac95a8b450228a037c8542f57e538e5b",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}