{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49182", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.283Z", "datePublished": "2025-02-26T01:55:33.574Z", "dateUpdated": "2025-03-04T18:07:17.957Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T01:55:33.574Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add vlan list lock to protect vlan list\n\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c", "drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h"], "versions": [{"version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "30f0ff7176efe8ac6c55f85bce26ed58bb608758", "status": "affected", "versionType": "git"}, {"version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "09e383ca97e798f9954189b741af54b5c51e7a97", "status": "affected", "versionType": "git"}, {"version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "f58af41deeab0f45c9c80adf5f2de489ebbac3dd", "status": "affected", "versionType": "git"}, {"version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "1932a624ab88ff407d1a1d567fe581faa15dc725", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c", "drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.33", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.19", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.2", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758"}, {"url": "https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97"}, {"url": "https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd"}, {"url": "https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725"}], "title": "net: hns3: add vlan list lock to protect vlan list", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T18:04:19.985508Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T18:07:17.957Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T18:04:19.985508Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T18:04:21.337Z"}}], "cna": {"title": "net: hns3: add vlan list lock to protect vlan list", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "30f0ff7176efe8ac6c55f85bce26ed58bb608758", "versionType": "git"}, {"status": "affected", "version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "09e383ca97e798f9954189b741af54b5c51e7a97", "versionType": "git"}, {"status": "affected", "version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "f58af41deeab0f45c9c80adf5f2de489ebbac3dd", "versionType": "git"}, {"status": "affected", "version": "c6075b193462d9a3930fb41f587f94720658752a", "lessThan": "1932a624ab88ff407d1a1d567fe581faa15dc725", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c", "drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.1"}, {"status": "unaffected", "version": "0", "lessThan": "5.1", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.33", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.19", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17.2", "versionType": "semver", "lessThanOrEqual": "5.17.*"}, {"status": "unaffected", "version": "5.18", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c", "drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758"}, {"url": "https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97"}, {"url": "https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd"}, {"url": "https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add vlan list lock to protect vlan list\n\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T01:55:33.574Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49182", "state": "PUBLISHED", "dateUpdated": "2025-03-04T18:07:17.957Z", "dateReserved": "2025-02-26T01:49:39.283Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-02-26T01:55:33.574Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5B0B00D-6DCA-4714-B384-1EB7C214ABBE", "versionEndExcluding": "5.15.33", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B", "versionEndExcluding": "5.16.19", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add vlan list lock to protect vlan list\n\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: agregar bloqueo de lista de VLAN para proteger la lista de VLAN Al agregar una VLAN base de puerto, la VLAN de VF debe eliminarse de HW y modificar el estado de VLAN en la lista de VLAN de VF como falso. Si la tarea de periodicidad est\u00e1 liberando el mismo nodo, puede causar un error de \"use-after-free\". Este parche agrega un bloqueo de lista de VLAN para proteger la lista de VLAN."}], "id": "CVE-2022-49182", "lastModified": "2025-03-25T15:07:11.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-26T07:00:55.333", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: net: hns3: add vlan list lock to protect vlan list", "id": "2348335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348335"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: hns3: add vlan list lock to protect vlan list\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list."], "name": "CVE-2022-49182", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49182\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49182\nhttps://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49182-f154@gregkh/T"], "threat_severity": "Low"}