SB20240620183 - NULL pointer dereference in Linux kernel hw hfi1 driver
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240620183
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-48728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190
- https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53
- https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b
- https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17