github - ghsa-6chx-4cx4-vrw4

ghsa-6chx-4cx4-vrw4

Vulnerability from github

Published

2025-05-01 15:31

Modified

2025-05-01 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-pf: Fix SQE threshold checking

Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitted SQE at the same index is processed in NAPI resulting losing SKB pointers, hence a leak. Fix this by checking a consumer index which is updated once CQE is processed.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49858"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:09Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed.",
  "id": "GHSA-6chx-4cx4-vrw4",
  "modified": "2025-05-01T15:31:50Z",
  "published": "2025-05-01T15:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49858"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2022-49858 (GCVE-0-2022-49858)

Vulnerability from cvelistv5

Published

2025-05-01 14:10

Modified

2025-05-04 08:47

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitted SQE at the same index is processed in NAPI resulting losing SKB pointers, hence a leak. Fix this by checking a consumer index which is updated once CQE is processed.

References

►

URL

Tags

	https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d
	https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb

Impacted products

Vendor

Product

Version

►

Version: 3ca6c4c882a7f34085b170d93cf0d0e843aa00e6
Version: 3ca6c4c882a7f34085b170d93cf0d0e843aa00e6

Version: 5.6

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c",
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c",
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "015e3c0a3b16193aab23beefe4719484b9984c2d",
              "status": "affected",
              "version": "3ca6c4c882a7f34085b170d93cf0d0e843aa00e6",
              "versionType": "git"
            },
            {
              "lessThan": "f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb",
              "status": "affected",
              "version": "3ca6c4c882a7f34085b170d93cf0d0e843aa00e6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c",
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c",
            "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:47:02.160Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb"
        }
      ],
      "title": "octeontx2-pf: Fix SQE threshold checking",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49858",
    "datePublished": "2025-05-01T14:10:11.559Z",
    "dateReserved": "2025-05-01T14:05:17.235Z",
    "dateUpdated": "2025-05-04T08:47:02.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.