SB20241022322 - Input validation error in Linux kernel ethernet marvell driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022322
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-48966)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mvneta_config_rss() function in drivers/net/ethernet/marvell/mvneta.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
- https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c
- https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b
- https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50
- https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae
- https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471
- https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8
- https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1