CVE-2022-49516
MEDIUM EPSS 11.4%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: ice: always check VF VSI pointer values The ice_get_vf_vsi function can return NULL in some cases, such as if handling messages during a reset where the VSI is being removed and recreated. Several places throughout the driver do not bother to check whether this VSI pointer is valid. Static analysis tools maybe report issues because they detect paths where a potentially NULL pointer could be dereferenced. Fix this by checking the return value of ice_get_vf_vsi everywhere.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
11.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | <5.18.3 |
References 2
- git.kernel.org https://git.kernel.org/stable/c/baeb705fd6a7245cc1fa69ed991a9cffdf44a174
- git.kernel.org https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d
Remediation
- git.kernel.org https://git.kernel.org/stable/c/baeb705fd6a7245cc1fa69ed991a9cffdf44a174
- git.kernel.org https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d