{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49858", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.235Z", "datePublished": "2025-05-01T14:10:11.559Z", "dateUpdated": "2025-05-04T08:47:02.160Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:47:02.160Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c", "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c", "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.h"], "versions": [{"version": "3ca6c4c882a7f34085b170d93cf0d0e843aa00e6", "lessThan": "015e3c0a3b16193aab23beefe4719484b9984c2d", "status": "affected", "versionType": "git"}, {"version": "3ca6c4c882a7f34085b170d93cf0d0e843aa00e6", "lessThan": "f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c", "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c", "drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.h"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.9", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.0.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d"}, {"url": "https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb"}], "title": "octeontx2-pf: Fix SQE threshold checking", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-pf: Se corrige la comprobaci\u00f3n del umbral de SQE. La forma actual de comprobar el recuento de SQE disponibles, basada en el recuento de SQB actualizado por hardware, podr\u00eda provocar que el controlador env\u00ede un SQE incluso antes de que se procese en NAPI el CQE del SQE previamente transmitido en el mismo \u00edndice, lo que resulta en la p\u00e9rdida de punteros SKB y, por lo tanto, una fuga. Se soluciona esto comprobando un \u00edndice de consumidor que se actualiza una vez procesado el CQE."}], "id": "CVE-2022-49858", "lastModified": "2025-05-02T13:52:51.693", "metrics": {}, "published": "2025-05-01T15:16:09.410", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: octeontx2-pf: Fix SQE threshold checking", "id": "2363470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363470"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nocteontx2-pf: Fix SQE threshold checking\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI resulting losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed."], "name": "CVE-2022-49858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49858\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49858\nhttps://lore.kernel.org/linux-cve-announce/2025050146-CVE-2022-49858-a1ee@gregkh/T"], "statement": "The patch fixes an issue in the octeontx2-pf driver where the SQE (Send Queue Entry) availability check was incorrect. The old method relied on hardware-updated SQB counts and could falsely allow new SQEs to be submitted before the completion (CQE) of prior ones. This race condition could result in reuse of the same SQE index before its associated SKB (socket buffer) is safely released \u2014 leading to use-after-free or memory leak (SKB pointer loss).", "threat_severity": "Moderate"}