Back

CVE-2022-48934

Aug. 22, 2024, 8:33 p.m.

Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux kernel

linux_kernel

  • *

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-401
2024-08-22
CVE-2022-48934

CVE-2022-48934 details

Published : Aug. 22, 2024, 4:15 a.m.
Last Modified : Aug. 22, 2024, 8:33 p.m.

Description

In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-401 Missing Release of Memory after Effective Lifetime The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

URL Source
https://git.kernel.org/stable/c/3a14d0888eb4b0045884126acc69abfb7b87814d 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4086d2433576baf85f0e538511df97c8101e0a10 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5ad5886f85b6bd893e3ed19013765fb0c243c069 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9d8097caa73200710d52b9f4d9f430548f46a900 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/af4bc921d39dffdb83076e0a7eed1321242b7d87 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
This website uses the NVD API, but is not approved or certified by it.