CVE-2022-49182 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use after free" error. This patch adds a vlan list lock to protect the vlan list.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

References

Link	Providers
https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97
https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725
https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758
https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd
https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49182-f154@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49182
https://www.cve.org/CVERecord?id=CVE-2022-49182

History

Tue, 04 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 26 Feb 2025 13:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49182-f154@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49182 https://www.cve.org/CVERecord?id=CVE-2022-49182
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 26 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use after free" error. This patch adds a vlan list lock to protect the vlan list.
Title		net: hns3: add vlan list lock to protect vlan list
References		https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97 https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725 https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758 https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-02-26T01:55:33.574Z

Updated: 2025-03-04T18:07:17.957Z

Reserved: 2025-02-26T01:49:39.283Z

Link: CVE-2022-49182

Vulnrichment

Updated: 2025-03-04T18:04:21.337Z

NVD

Status : Awaiting Analysis

Published: 2025-02-26T07:00:55.333

Modified: 2025-03-04T18:15:22.983

Link: CVE-2022-49182

Redhat

Severity : Low

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49182 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object