CVE-2022-48637
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48637
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48637.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48637
- Downstream
- Related
- Published
- 2024-04-28T12:59:33.285Z
- Modified
- 2025-11-14T14:35:32.619122Z
- Summary
- bnxt: prevent skb UAF after handing over to PTP worker
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bnxt: prevent skb UAF after handing over to PTP worker
When reading the timestamp is required bnxttxint() hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards, as the worker may run before the rest of our code and free the skb, leading to a use-after-free.
Since devkfreeskb_any() accepts NULL make the loss of ownership more obvious and set skb to NULL.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced83bb623c968e7351aee5111547693f95f330dc5aFixed08483e4c0c83b221b8891434a04cec405dee94a6
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced83bb623c968e7351aee5111547693f95f330dc5aFixed32afa1f23e42cc635ccf4c39f24514d03d1e8338
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced83bb623c968e7351aee5111547693f95f330dc5aFixedc31f26c8f69f776759cbbdfb38e40ea91aa0dd65
Affected versions
v5.*
v5.13
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.10
v5.19.11
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9
v6.*
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c31f26c8f69f776759cbbdfb38e40ea91aa0dd65",
"signature_type": "Function",
"target": {
"function": "bnxt_tx_int",
"file": "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
},
"id": "CVE-2022-48637-2f6db6ff",
"digest": {
"length": 1430.0,
"function_hash": "316267146830953231345712757865115956991"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c31f26c8f69f776759cbbdfb38e40ea91aa0dd65",
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
},
"id": "CVE-2022-48637-3ff7a43b",
"digest": {
"line_hashes": [
"104024397048817195886048066335005342182",
"284790443778023647183023086628030773705",
"256463390621561806738783061924451896682",
"178973642827145097871458552109606507710",
"128281475818806806066324208203267359758",
"90042510635901984187925405461547725578",
"74752017746796874045016006641827514021",
"86037422577214728037652188995176909211",
"101536241873372552591323842081500399425",
"12613983573845051301520873921503066784",
"218125984698243220932452164538666447338",
"75415621113731221555653591630853286097",
"307750511208041638573854115958156676721",
"73516778410270785305572103090921695764",
"117142246519912210709046121725774768581",
"296352532112821118888082281795943984505",
"103926791992121011494104301141557125224",
"112267823454468282751248264968840073785",
"14885506329976524987742322512464190708"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08483e4c0c83b221b8891434a04cec405dee94a6",
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
},
"id": "CVE-2022-48637-5ebbe6c9",
"digest": {
"line_hashes": [
"104024397048817195886048066335005342182",
"284790443778023647183023086628030773705",
"256463390621561806738783061924451896682",
"178973642827145097871458552109606507710",
"128281475818806806066324208203267359758",
"90042510635901984187925405461547725578",
"74752017746796874045016006641827514021",
"86037422577214728037652188995176909211",
"101536241873372552591323842081500399425",
"12613983573845051301520873921503066784",
"218125984698243220932452164538666447338",
"75415621113731221555653591630853286097",
"307750511208041638573854115958156676721",
"73516778410270785305572103090921695764",
"117142246519912210709046121725774768581",
"296352532112821118888082281795943984505",
"103926791992121011494104301141557125224",
"112267823454468282751248264968840073785",
"14885506329976524987742322512464190708"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08483e4c0c83b221b8891434a04cec405dee94a6",
"signature_type": "Function",
"target": {
"function": "bnxt_tx_int",
"file": "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
},
"id": "CVE-2022-48637-b02d8d10",
"digest": {
"length": 1430.0,
"function_hash": "316267146830953231345712757865115956991"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32afa1f23e42cc635ccf4c39f24514d03d1e8338",
"signature_type": "Function",
"target": {
"function": "bnxt_tx_int",
"file": "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
},
"id": "CVE-2022-48637-ba6997ff",
"digest": {
"length": 1430.0,
"function_hash": "316267146830953231345712757865115956991"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32afa1f23e42cc635ccf4c39f24514d03d1e8338",
"signature_type": "Line",
"target": {
"file": "drivers/net/ethernet/broadcom/bnxt/bnxt.c"
},
"id": "CVE-2022-48637-f5f587fd",
"digest": {
"line_hashes": [
"104024397048817195886048066335005342182",
"284790443778023647183023086628030773705",
"256463390621561806738783061924451896682",
"178973642827145097871458552109606507710",
"128281475818806806066324208203267359758",
"90042510635901984187925405461547725578",
"74752017746796874045016006641827514021",
"86037422577214728037652188995176909211",
"101536241873372552591323842081500399425",
"12613983573845051301520873921503066784",
"218125984698243220932452164538666447338",
"75415621113731221555653591630853286097",
"307750511208041638573854115958156676721",
"73516778410270785305572103090921695764",
"117142246519912210709046121725774768581",
"296352532112821118888082281795943984505",
"103926791992121011494104301141557125224",
"112267823454468282751248264968840073785",
"14885506329976524987742322512464190708"
],
"threshold": 0.9
},
"deprecated": false
}
]