SB20241022319 - Input validation error in Linux kernel ethernet hisilicon driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022319
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-48960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4
- https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f
- https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a
- https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c
- https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc
- https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387
- https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262
- https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1