CVE-2022-49972 (GCVE-0-2022-49972)
Vulnerability from cvelistv5
Published
2025-06-18 11:00
Modified
2025-06-18 11:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix corrupted packets for XDP_SHARED_UMEM Fix an issue in XDP_SHARED_UMEM mode together with aligned mode where packets are corrupted for the second and any further sockets bound to the same umem. In other words, this does not affect the first socket bound to the umem. The culprit for this bug is that the initialization of the DMA addresses for the pre-populated xsk buffer pool entries was not performed for any socket but the first one bound to the umem. Only the linear array of DMA addresses was populated. Fix this by populating the DMA addresses in the xsk buffer pool for every socket bound to the same umem.
Impacted products
Vendor Product Version
Linux Linux Version: 94033cd8e73b8632bab7c8b7bb54caa4f5616db7
Version: 94033cd8e73b8632bab7c8b7bb54caa4f5616db7
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xsk_buff_pool.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2c75891d56ab6fe5ba0d415bfad91d514a4027cd",
              "status": "affected",
              "version": "94033cd8e73b8632bab7c8b7bb54caa4f5616db7",
              "versionType": "git"
            },
            {
              "lessThan": "58ca14ed98c87cfe0d1408cc65a9745d9e9b7a56",
              "status": "affected",
              "version": "94033cd8e73b8632bab7c8b7bb54caa4f5616db7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xsk_buff_pool.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.8",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\n\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\npackets are corrupted for the second and any further sockets bound to\nthe same umem. In other words, this does not affect the first socket\nbound to the umem. The culprit for this bug is that the initialization\nof the DMA addresses for the pre-populated xsk buffer pool entries was\nnot performed for any socket but the first one bound to the umem. Only\nthe linear array of DMA addresses was populated. Fix this by populating\nthe DMA addresses in the xsk buffer pool for every socket bound to the\nsame umem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T11:00:35.382Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2c75891d56ab6fe5ba0d415bfad91d514a4027cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/58ca14ed98c87cfe0d1408cc65a9745d9e9b7a56"
        }
      ],
      "title": "xsk: Fix corrupted packets for XDP_SHARED_UMEM",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49972",
    "datePublished": "2025-06-18T11:00:35.382Z",
    "dateReserved": "2025-06-18T10:57:27.384Z",
    "dateUpdated": "2025-06-18T11:00:35.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49972\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-06-18T11:15:24.570\",\"lastModified\":\"2025-06-18T13:46:52.973\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\\n\\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\\npackets are corrupted for the second and any further sockets bound to\\nthe same umem. In other words, this does not affect the first socket\\nbound to the umem. The culprit for this bug is that the initialization\\nof the DMA addresses for the pre-populated xsk buffer pool entries was\\nnot performed for any socket but the first one bound to the umem. Only\\nthe linear array of DMA addresses was populated. Fix this by populating\\nthe DMA addresses in the xsk buffer pool for every socket bound to the\\nsame umem.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: corrige paquetes da\u00f1ados para XDP_SHARED_UMEM Corrige un problema en el modo XDP_SHARED_UMEM junto con el modo alineado donde los paquetes se corrompen para el segundo socket y cualquier socket posterior vinculado al mismo umem. En otras palabras, esto no afecta al primer socket vinculado al umem. El culpable de este error es que la inicializaci\u00f3n de las direcciones DMA para las entradas del grupo de b\u00faferes xsk pre-rellenadas no se realiz\u00f3 para ning\u00fan socket excepto el primero vinculado al umem. Solo se rellen\u00f3 la matriz lineal de direcciones DMA. Corrige esto rellenando las direcciones DMA en el grupo de b\u00faferes xsk para cada socket vinculado al mismo umem.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2c75891d56ab6fe5ba0d415bfad91d514a4027cd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/58ca14ed98c87cfe0d1408cc65a9745d9e9b7a56\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…