CVE-2022-49858

{"id": "CVE-2022-49858", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-05-01T15:16:09.410", "references": [{"url": "https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: Se corrige la comprobaci\u00f3n del umbral de SQE. La forma actual de comprobar el recuento de SQE disponibles, basada en el recuento de SQB actualizado por hardware, podr\u00eda provocar que el controlador env\u00ede un SQE incluso antes de que se procese en NAPI el CQE del SQE previamente transmitido en el mismo \u00edndice, lo que resulta en la p\u00e9rdida de punteros SKB y, por lo tanto, una fuga. Se soluciona esto comprobando un \u00edndice de consumidor que se actualiza una vez procesado el CQE."}], "lastModified": "2025-11-10T21:03:21.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE27853D-39C2-4B1E-8A20-34EF9FE13B95", "versionEndExcluding": "6.0.9", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}