SB20250226268 - Use-after-free in Linux kernel ethernet sfc driver
Published: February 26, 2025 Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-49626)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efx_ef10_pci_sriov_disable() function in drivers/net/ethernet/sfc/ef10_sriov.c.
Remediation
Install the update from the vendor's website.
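To decide whether a host needs the update, the following added example (not part of the bulletin) compares a kernel release string with the releases named in the ChangeLog references of this bulletin and reports whether the sfc driver is loaded. It assumes each referenced ChangeLog is the first fixed release on its stable branch and that the driver's module name is `sfc`; the function names are hypothetical. Distribution kernels backport fixes under their own numbering, so `below-fixed-release` there means the vendor advisory has to be checked.

```shell
#!/bin/sh
# Added example: upstream version check for CVE-2022-49626 (sfc driver).
# Assumption: the ChangeLog versions in the reference list are the first
# fixed release of each stable branch.

# Minimum fixed patch level for a stable branch, or non-zero if unlisted.
fixed_patch_for_branch() {
  case "$1" in
    4.9)  echo 324 ;;
    4.14) echo 289 ;;
    4.19) echo 253 ;;
    5.4)  echo 207 ;;
    5.10) echo 132 ;;
    5.15) echo 56 ;;
    5.18) echo 13 ;;
    *)    return 1 ;;
  esac
}

# Prints: fixed | below-fixed-release | branch-not-listed | unparsable
# The body runs in a subshell so IFS and variables stay local.
sfc_fix_status() (
  rel="${1%%[!0-9.]*}"        # "5.15.0-91-generic" -> "5.15.0"
  IFS=.
  set -- $rel                 # split on dots into major, minor, patch
  major="${1:-}"; minor="${2:-0}"; patch="${3:-0}"
  if [ -z "$major" ]; then
    echo unparsable
  elif [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 19 ]; }; then
    echo fixed                # 5.19 and later mainline releases carry the fix
  elif ! min="$(fixed_patch_for_branch "$major.$minor")"; then
    echo branch-not-listed    # no fixed release named for this branch
  elif [ "$patch" -ge "$min" ]; then
    echo fixed
  else
    echo below-fixed-release
  fi
)

# A loaded module has a directory under /sys/module.
sfc_loaded() {
  if [ -d /sys/module/sfc ]; then echo yes; else echo no; fi
}

printf 'kernel %s: %s, sfc driver loaded: %s\n' \
  "$(uname -r)" "$(sfc_fix_status "$(uname -r)")" "$(sfc_loaded)"
```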
References
- https://git.kernel.org/stable/c/3199e34912d84cdfb8a93a984c5ae5c73fb13e84
- https://git.kernel.org/stable/c/58d93e9d160c0de6d867c7eb4c2206671a351eb1
- https://git.kernel.org/stable/c/9c854ae512b89229aeee93849e9bd4c115b37909
- https://git.kernel.org/stable/c/bcad880865bfb421885364b1f0c7351280fe2b97
- https://git.kernel.org/stable/c/c2240500817b3b4b996cdf2a461a3a5679f49b94
- https://git.kernel.org/stable/c/c9e75bb22a26e391f189f5a5133dd63dcb57fdaa
- https://git.kernel.org/stable/c/e435c4aeeaa073091f7f3b7735af2ef5c97d63f2
- https://git.kernel.org/stable/c/ebe41da5d47ac0fff877e57bd14c54dccf168827
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.289
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.253
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.324
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.132
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.207