NVD Vulnerability Detail

CVE-2022-48966

Summary	In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap.
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, 12:01 p.m.
Last Update	Oct. 26, 2024, 5:05 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b	Patch
2	https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c	Patch
3	https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b	Patch
4	https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50	Patch
5	https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae	Patch
6	https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471	Patch
7	https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8	Patch
8	https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html

JVN Vulnerability Information

Linux の Linux Kernel における境界外読み取りに関する脆弱性

Title	Linux の Linux Kernel における境界外読み取りに関する脆弱性
Summary	Linux の Linux Kernel には、境界外読み取りに関する脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 5, 2022, midnight
Registration Date	Oct. 28, 2024, 2 p.m.
Last Update	Dec. 15, 2025, 1:37 p.m.

Affected System

Linux

Linux Kernel 4.10 以上 4.14.302 未満

Linux Kernel 4.15 以上 4.19.269 未満

Linux Kernel 4.20 以上 5.4.227 未満

Linux Kernel 4.5 以上 4.9.336 未満

Linux Kernel 5.11 以上 5.15.83 未満

Linux Kernel 5.16 以上 6.0.13 未満

Linux Kernel 5.5 以上 5.10.159 未満

Linux Kernel 6.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-48966	https://www.cve.org/CVERecord?id=CVE-2022-48966
National Vulnerability Database (NVD)
2	CVE-2022-48966	https://nvd.nist.gov/vuln/detail/CVE-2022-48966

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (146ebee)	https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae
2	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (3ceffb8)	https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b
3	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (47a1a2f)	https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c
4	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (5a14248)	https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b
5	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (6ca0a50)	https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b263bf3d8
6	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (a6b3059)	https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471
7	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (e8b4fc1)	https://git.kernel.org/stable/c/e8b4fc13900b8e8be48debffd0dfd391772501f7
8	net: mvneta: Prevent out of bounds read in mvneta_config_rss() (eec1fc2)	https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

その他

No	Name	URL
JVN
1	JVNVU#99514792	https://jvn.jp/vu/JVNVU99514792/index.html

Change Log

No	Changed Details	Date of change
1	[2024年10月28日] 掲載	Oct. 28, 2024, 2 p.m.
2	[2025年12月15日] 参考情報：JVN (JVNVU#99514792) を追加	Dec. 15, 2025, 11:57 a.m.