{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49516", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.587Z", "datePublished": "2025-02-26T02:13:44.359Z", "dateUpdated": "2025-03-14T12:19:01.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-03-14T12:19:01.686Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: always check VF VSI pointer values\n\nThe ice_get_vf_vsi function can return NULL in some cases, such as if\nhandling messages during a reset where the VSI is being removed and\nrecreated.\n\nSeveral places throughout the driver do not bother to check whether this\nVSI pointer is valid. Static analysis tools maybe report issues because\nthey detect paths where a potentially NULL pointer could be dereferenced.\n\nFix this by checking the return value of ice_get_vf_vsi everywhere."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_devlink.c", "drivers/net/ethernet/intel/ice/ice_repr.c", "drivers/net/ethernet/intel/ice/ice_sriov.c", "drivers/net/ethernet/intel/ice/ice_vf_lib.c", "drivers/net/ethernet/intel/ice/ice_virtchnl.c", "drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"], "versions": [{"version": "37165e3f5664ee901e89ff9c13723c2743c5e47f", "lessThan": "e7be3877589d539c52e5d1d23a625f889b541b9d", "status": "affected", "versionType": "git"}, {"version": "37165e3f5664ee901e89ff9c13723c2743c5e47f", "lessThan": "baeb705fd6a7245cc1fa69ed991a9cffdf44a174", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_devlink.c", "drivers/net/ethernet/intel/ice/ice_repr.c", "drivers/net/ethernet/intel/ice/ice_sriov.c", "drivers/net/ethernet/intel/ice/ice_vf_lib.c", "drivers/net/ethernet/intel/ice/ice_virtchnl.c", "drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d"}, {"url": "https://git.kernel.org/stable/c/baeb705fd6a7245cc1fa69ed991a9cffdf44a174"}], "title": "ice: always check VF VSI pointer values", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3108C4DF-1578-4A9A-ADC7-1128DE921D69", "versionEndExcluding": "5.18.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: always check VF VSI pointer values\n\nThe ice_get_vf_vsi function can return NULL in some cases, such as if\nhandling messages during a reset where the VSI is being removed and\nrecreated.\n\nSeveral places throughout the driver do not bother to check whether this\nVSI pointer is valid. Static analysis tools maybe report issues because\nthey detect paths where a potentially NULL pointer could be dereferenced.\n\nFix this by checking the return value of ice_get_vf_vsi everywhere."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: siempre comprobar los valores del puntero VSI de VF La funci\u00f3n ice_get_vf_vsi puede devolver NULL en algunos casos, como si se trataran mensajes durante un reinicio en el que se elimina y se vuelve a crear el VSI. Varios lugares del controlador no se molestan en comprobar si este puntero VSI es v\u00e1lido. Las herramientas de an\u00e1lisis est\u00e1tico pueden informar problemas porque detectan rutas en las que se podr\u00eda desreferenciar un puntero potencialmente NULL. Solucione esto comprobando el valor de retorno de ice_get_vf_vsi en todas partes."}], "id": "CVE-2022-49516", "lastModified": "2025-03-17T16:48:02.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:27.653", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/baeb705fd6a7245cc1fa69ed991a9cffdf44a174"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ice: always check VF VSI pointer values", "id": "2348075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348075"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nice: always check VF VSI pointer values\nThe ice_get_vf_vsi function can return NULL in some cases, such as if\nhandling messages during a reset where the VSI is being removed and\nrecreated.\nSeveral places throughout the driver do not bother to check whether this\nVSI pointer is valid. Static analysis tools maybe report issues because\nthey detect paths where a potentially NULL pointer could be dereferenced.\nFix this by checking the return value of ice_get_vf_vsi everywhere."], "name": "CVE-2022-49516", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49516\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49516\nhttps://lore.kernel.org/linux-cve-announce/2025022610-CVE-2022-49516-2748@gregkh/T"], "threat_severity": "Low"}