NVD Vulnerability Detail

CVE-2022-48949

Summary	In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, 12:02 p.m.
Last Update	Oct. 30, 2024, 1:32 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4	Patch
2	https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a	Patch
3	https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1	Patch
4	https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4	Patch
5	https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e	Patch
6	https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d	Patch
7	https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29	Patch
8	https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-908	初期化されていないリソースの使用	https://cwe.mitre.org/data/definitions/908.html

JVN Vulnerability Information

Linux の Linux Kernel における初期化されていないリソースの使用に関する脆弱性

Title	Linux の Linux Kernel における初期化されていないリソースの使用に関する脆弱性
Summary	Linux の Linux Kernel には、初期化されていないリソースの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 13, 2022, midnight
Registration Date	Oct. 30, 2024, 1:53 p.m.
Last Update	Oct. 30, 2024, 1:53 p.m.

Affected System

Linux

Linux Kernel 4.0 以上 4.14.303 未満

Linux Kernel 4.15 以上 4.19.270 未満

Linux Kernel 4.20 以上 5.4.229 未満

Linux Kernel 5.11 以上 5.15.85 未満

Linux Kernel 5.16 以上 6.0.15 未満

Linux Kernel 5.5 以上 5.10.161 未満

Linux Kernel 6.1

Linux Kernel 6.1.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-48949	https://www.cve.org/CVERecord?id=CVE-2022-48949
National Vulnerability Database (NVD)
2	CVE-2022-48949	https://nvd.nist.gov/vuln/detail/CVE-2022-48949

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-908	http://cwe.mitre.org/data/definitions/908.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	igb: Initialize mailbox message for VF reset (367e1e3)	https://git.kernel.org/stable/c/367e1e3399dbc56fc669740c4ab60e35da632b0e
2	igb: Initialize mailbox message for VF reset (51fd5ed)	https://git.kernel.org/stable/c/51fd5ede7ed42f272682a0c33d6f0767b3484a3d
3	igb: Initialize mailbox message for VF reset (a662965)	https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4
4	igb: Initialize mailbox message for VF reset (c383c7c)	https://git.kernel.org/stable/c/c383c7c35c7bc15e07a04eefa060a8a80cbeae29
5	igb: Initialize mailbox message for VF reset (c581439)	https://git.kernel.org/stable/c/c581439a977545d61849a72e8ed631cfc8a2a3c1
6	igb: Initialize mailbox message for VF reset (de5dc44)	https://git.kernel.org/stable/c/de5dc44370fbd6b46bd7f1a1e00369be54a041c8
7	igb: Initialize mailbox message for VF reset (ef1d739)	https://git.kernel.org/stable/c/ef1d739dd1f362aec081278ff92f943c31eb177a
8	igb: Initialize mailbox message for VF reset (f2479c3)	https://git.kernel.org/stable/c/f2479c3daaabccbac6c343a737615d0c595c6dc4
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月30日] 掲載	Oct. 30, 2024, 1:53 p.m.