SB20240620203 - Integer underflow in Linux kernel amd xgbe driver
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240620203
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer underflow (CVE-ID: CVE-2022-48743)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/9924c80bd484340191e586110ca22bff23a49f2e
- https://git.kernel.org/stable/c/617f9934bb37993b9813832516f318ba874bcb7d
- https://git.kernel.org/stable/c/34aeb4da20f93ac80a6291a2dbe7b9c6460e9b26
- https://git.kernel.org/stable/c/9892742f035f7aa7dcd2bb0750effa486db89576
- https://git.kernel.org/stable/c/4d3fcfe8464838b3920bc2b939d888e0b792934e
- https://git.kernel.org/stable/c/db6fd92316a254be2097556f01bccecf560e53ce
- https://git.kernel.org/stable/c/e8f73f620fee5f52653ed2da360121e4446575c5
- https://git.kernel.org/stable/c/5aac9108a180fc06e28d4e7fb00247ce603b72ee
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.265
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.300
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.177