In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table
When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[numvportdests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null.
{ "vanir_signatures": [ { "deprecated": false, "id": "CVE-2022-49025-2b11c48d", "digest": { "threshold": 0.9, "line_hashes": [ "114983714690645879541350774468752024135", "124934045834885229451395233869895263912", "252759726284805249657490032453929362343" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d2f9d95d9fbe993f3c4bafb87d59897b0325aff", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c" }, "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2022-49025-33310383", "digest": { "threshold": 0.9, "line_hashes": [ "114983714690645879541350774468752024135", "124934045834885229451395233869895263912", "252759726284805249657490032453929362343" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52c795af04441d76f565c4634f893e5b553df2ae", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c" }, "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2022-49025-58517cf7", "digest": { "threshold": 0.9, "line_hashes": [ "114983714690645879541350774468752024135", "124934045834885229451395233869895263912", "252759726284805249657490032453929362343" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6d2d26a49c3a9cd46b232975e45236304810904", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c" }, "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2022-49025-648a7937", "digest": { "function_hash": "146510132616505240180743307218631009966", "length": 2041.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52c795af04441d76f565c4634f893e5b553df2ae", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c", "function": "mlx5_eswitch_add_termtbl_rule" }, "signature_version": "v1", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2022-49025-6fe5fde5", "digest": { "threshold": 0.9, "line_hashes": [ "114983714690645879541350774468752024135", "124934045834885229451395233869895263912", "252759726284805249657490032453929362343" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2d73a77060c3cbdc6e801cd5d979d674cd404b", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c" }, "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2022-49025-78568439", "digest": { "function_hash": "231234007458018711299555985264392868963", "length": 1563.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a2d73a77060c3cbdc6e801cd5d979d674cd404b", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c", "function": "mlx5_eswitch_add_termtbl_rule" }, "signature_version": "v1", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2022-49025-a449803f", "digest": { "function_hash": "146510132616505240180743307218631009966", "length": 2041.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@372eb550faa0757349040fd43f59483cbfdb2c0b", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c", "function": "mlx5_eswitch_add_termtbl_rule" }, "signature_version": "v1", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2022-49025-ad110a81", "digest": { "function_hash": "146510132616505240180743307218631009966", "length": 2041.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e6d2d26a49c3a9cd46b232975e45236304810904", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c", "function": "mlx5_eswitch_add_termtbl_rule" }, "signature_version": "v1", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2022-49025-e42fecfd", "digest": { "threshold": 0.9, "line_hashes": [ "114983714690645879541350774468752024135", "124934045834885229451395233869895263912", "252759726284805249657490032453929362343" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@372eb550faa0757349040fd43f59483cbfdb2c0b", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c" }, "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2022-49025-ed573e54", "digest": { "function_hash": "298100393599901059849126599706038636218", "length": 2029.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d2f9d95d9fbe993f3c4bafb87d59897b0325aff", "target": { "file": "drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads_termtbl.c", "function": "mlx5_eswitch_add_termtbl_rule" }, "signature_version": "v1", "signature_type": "Function" } ] }