CVE-2022-49516
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49516
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49516.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49516
- Downstream
- Related
- Published
- 2025-02-26T02:13:44Z
- Modified
- 2025-10-15T22:00:50.085378Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ice: always check VF VSI pointer values
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ice: always check VF VSI pointer values
The icegetvf_vsi function can return NULL in some cases, such as if handling messages during a reset where the VSI is being removed and recreated.
Several places throughout the driver do not bother to check whether this VSI pointer is valid. Static analysis tools maybe report issues because they detect paths where a potentially NULL pointer could be dereferenced.
Fix this by checking the return value of icegetvf_vsi everywhere.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced37165e3f5664ee901e89ff9c13723c2743c5e47fFixede7be3877589d539c52e5d1d23a625f889b541b9d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced37165e3f5664ee901e89ff9c13723c2743c5e47fFixedbaeb705fd6a7245cc1fa69ed991a9cffdf44a174
Affected versions
v5.*
v5.15
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2