CVE-2022-48960

HIGH EPSS 14.7%
Published Oct 21, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hisilicon: Fix potential use-after-free in hix5hd2_rx()

The skb is delivered to napi_gro_receive(), which may free it; after calling this, dereferencing skb may trigger a use-after-free.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
14.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 15

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.16 – <4.9.336
linux   linux_kernel  *        ≥4.10 – <4.14.302
linux   linux_kernel  *        ≥4.15 – <4.19.269
linux   linux_kernel  *        ≥4.20 – <5.4.227
linux   linux_kernel  *        ≥5.5 – <5.10.159
linux   linux_kernel  *        ≥5.11 – <5.15.83
linux   linux_kernel  *        ≥5.16 – <6.0.13
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any
linux   linux_kernel  6.1      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/433c07a13f59856e4585e89e86b7d4cc59348fab
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a95214a8c262
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387
    Patch
