
CVE-2022-48640: Vulnerability in Linux Linux

High
Published: Sun Apr 28 2024 (04/28/2024, 12:59:48 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix NULL deref in bond_rr_gen_slave_id

Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory required for the counter is never created and when the mode is changed there is never any attempt to verify the memory is allocated upon switching modes.

This causes the following Oops on an aarch64 machine:

    [ 334.686773] Unable to handle kernel paging request at virtual address ffff2c91ac905000
    [ 334.694703] Mem abort info:
    [ 334.697486] ESR = 0x0000000096000004
    [ 334.701234] EC = 0x25: DABT (current EL), IL = 32 bits
    [ 334.706536] SET = 0, FnV = 0
    [ 334.709579] EA = 0, S1PTW = 0
    [ 334.712719] FSC = 0x04: level 0 translation fault
    [ 334.717586] Data abort info:
    [ 334.720454] ISV = 0, ISS = 0x00000004
    [ 334.724288] CM = 0, WnR = 0
    [ 334.727244] swapper pgtable: 4k pages, 48-bit VAs, pgdp=000008044d662000
    [ 334.733944] [ffff2c91ac905000] pgd=0000000000000000, p4d=0000000000000000
    [ 334.740734] Internal error: Oops: 96000004 [#1] SMP
    [ 334.745602] Modules linked in: bonding tls veth rfkill sunrpc arm_spe_pmu vfat fat acpi_ipmi ipmi_ssif ixgbe igb i40e mdio ipmi_devintf ipmi_msghandler arm_cmn arm_dsu_pmu cppc_cpufreq acpi_tad fuse zram crct10dif_ce ast ghash_ce sbsa_gwdt nvme drm_vram_helper drm_ttm_helper nvme_core ttm xgene_hwmon
    [ 334.772217] CPU: 7 PID: 2214 Comm: ping Not tainted 6.0.0-rc4-00133-g64ae13ed4784 #4
    [ 334.779950] Hardware name: GIGABYTE R272-P31-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021
    [ 334.789244] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    [ 334.796196] pc : bond_rr_gen_slave_id+0x40/0x124 [bonding]
    [ 334.801691] lr : bond_xmit_roundrobin_slave_get+0x38/0xdc [bonding]
    [ 334.807962] sp : ffff8000221733e0
    [ 334.811265] x29: ffff8000221733e0 x28: ffffdbac8572d198 x27: ffff80002217357c
    [ 334.818392] x26: 000000000000002a x25: ffffdbacb33ee000 x24: ffff07ff980fa000
    [ 334.825519] x23: ffffdbacb2e398ba x22: ffff07ff98102000 x21: ffff07ff981029c0
    [ 334.832646] x20: 0000000000000001 x19: ffff07ff981029c0 x18: 0000000000000014
    [ 334.839773] x17: 0000000000000000 x16: ffffdbacb1004364 x15: 0000aaaabe2f5a62
    [ 334.846899] x14: ffff07ff8e55d968 x13: ffff07ff8e55db30 x12: 0000000000000000
    [ 334.854026] x11: ffffdbacb21532e8 x10: 0000000000000001 x9 : ffffdbac857178ec
    [ 334.861153] x8 : ffff07ff9f6e5a28 x7 : 0000000000000000 x6 : 000000007c2b3742
    [ 334.868279] x5 : ffff2c91ac905000 x4 : ffff2c91ac905000 x3 : ffff07ff9f554400
    [ 334.875406] x2 : ffff2c91ac905000 x1 : 0000000000000001 x0 : ffff07ff981029c0
    [ 334.882532] Call trace:
    [ 334.884967] bond_rr_gen_slave_id+0x40/0x124 [bonding]
    [ 334.890109] bond_xmit_roundrobin_slave_get+0x38/0xdc [bonding]
    [ 334.896033] __bond_start_xmit+0x128/0x3a0 [bonding]
    [ 334.901001] bond_start_xmit+0x54/0xb0 [bonding]
    [ 334.905622] dev_hard_start_xmit+0xb4/0x220
    [ 334.909798] __dev_queue_xmit+0x1a0/0x720
    [ 334.913799] arp_xmit+0x3c/0xbc
    [ 334.916932] arp_send_dst+0x98/0xd0
    [ 334.920410] arp_solicit+0xe8/0x230
    [ 334.923888] neigh_probe+0x60/0xb0
    [ 334.927279] __neigh_event_send+0x3b0/0x470
    [ 334.931453] neigh_resolve_output+0x70/0x90
    [ 334.935626] ip_finish_output2+0x158/0x514
    [ 334.939714] __ip_finish_output+0xac/0x1a4
    [ 334.943800] ip_finish_output+0x40/0xfc
    [ 334.947626] ip_output+0xf8/0x1a4
    [ 334.950931] ip_send_skb+0x5c/0x100
    [ 334.954410] ip_push_pending_frames+0x3c/0x60
    [ 334.958758] raw_sendmsg+0x458/0x6d0
    [ 334.962325] inet_sendmsg+0x50/0x80
    [ 334.965805] sock_sendmsg+0x60/0x6c
    [ 334.969286] __sys_sendto+0xc8/0x134
    [ 334.972853] __arm64_sys_sendto+0x34/0x4c
    ---truncated---

AI-Powered Analysis

Last updated: 06/30/2025, 17:58:04 UTC

Technical Analysis

CVE-2022-48640 is a vulnerability in the Linux kernel's bonding driver, in its handling of Round Robin (RR) mode. The bonding driver aggregates multiple network interfaces into a single logical interface for redundancy or increased throughput. The vulnerability is a NULL pointer dereference in the bond_rr_gen_slave_id function. Mode zero is Round Robin; when a bond is initially created with any other mode, the memory for rr_tx_counter (a counter used in Round Robin mode) is never allocated. If the bonding mode is subsequently switched to Round Robin, the code does not verify that the memory for rr_tx_counter has been allocated before accessing it.

This leads to a NULL dereference and causes a kernel oops (crash) on affected systems, as observed on an aarch64 machine. The kernel oops is triggered by a kernel paging request at an invalid virtual address, indicating a severe memory access violation. The stack trace shows the fault occurs within the bonding module during packet transmission functions, which can disrupt normal network operations. This vulnerability can cause denial of service (DoS) conditions by crashing the kernel, leading to system instability or downtime.

There is no indication that this vulnerability allows privilege escalation or remote code execution. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The issue was reserved in February 2024 and published in April 2024, with patches presumably available in updated Linux kernel versions. The vulnerability affects Linux kernel versions containing the specified commit hashes, which correspond to recent kernel trees.

Potential Impact

For European organizations, the impact of CVE-2022-48640 primarily involves potential denial of service due to kernel crashes on systems using Linux bonding with Round Robin mode. This can disrupt network connectivity and availability of critical services, especially in environments relying on bonded interfaces for redundancy and load balancing, such as data centers, cloud providers, telecommunications infrastructure, and enterprise networks. Organizations using aarch64 architecture servers or embedded devices running Linux kernels vulnerable to this issue are particularly at risk. The disruption could affect business continuity, cause service outages, and impact customer-facing applications or internal operations. Although no remote exploitation or privilege escalation is indicated, the DoS impact on network infrastructure components can have cascading effects on dependent systems. European sectors with high reliance on Linux-based networking equipment, including financial services, healthcare, and public administration, may face operational risks if unpatched. The lack of known exploits reduces immediate threat but does not eliminate risk, especially if attackers develop exploitation techniques. The vulnerability's impact is limited to systems configured with bonding in Round Robin mode and switching modes dynamically, which may not be widespread but is significant in specialized network setups.

Mitigation Recommendations

1. Apply the latest Linux kernel updates that include the patch fixing CVE-2022-48640 as soon as they become available. Monitor vendor advisories and Linux kernel mailing lists for official patches.
2. Audit network bonding configurations to identify interfaces using Round Robin mode or those that switch bonding modes dynamically. Avoid mode switching on production systems until patched.
3. Where possible, disable bonding mode changes at runtime or restrict bonding mode to stable configurations that do not trigger the vulnerability.
4. Implement kernel crash monitoring and alerting to detect and respond quickly to any kernel oops events related to bonding.
5. For critical systems, consider isolating or segmenting vulnerable devices to limit impact of potential DoS.
6. Test patches in staging environments before deployment to ensure compatibility and stability.
7. Maintain up-to-date backups and disaster recovery plans to mitigate downtime caused by kernel crashes.
8. Engage with Linux distribution vendors for backported patches if using long-term support kernels.
9. Review and harden network infrastructure to reduce reliance on dynamic bonding mode changes and consider alternative redundancy/load balancing mechanisms if feasible.
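
One way to carry out the audit in step 2 and the crash monitoring in step 4, as an added example that is not part of the original advisory or of any vendor tooling. It assumes the standard bonding sysfs file /sys/class/net/<bond>/bonding/mode (content such as "balance-rr 0"); the function names are hypothetical, and SAMPLE_LOG holds three lines copied from the oops in the description above.

```shell
#!/bin/sh
# Added example: audit and detection helpers for CVE-2022-48640.

# Print "<device> <mode-name> <mode-number>" for every bond found in sysfs.
# The root directory is a parameter so the function can be run against a
# constructed tree as well as the live /sys/class/net.
list_bond_modes() {
    root="${1:-/sys/class/net}"
    for f in "$root"/*/bonding/mode; do
        [ -r "$f" ] || continue          # not a bond, or glob did not match
        dev=${f%/bonding/mode}
        dev=${dev##*/}
        read -r name num < "$f" || true  # e.g. "active-backup 1"
        printf '%s %s %s\n' "$dev" "$name" "$num"
    done
}

# Bonds currently in mode 0 (balance-rr), the mode that uses rr_tx_counter.
bonds_in_rr() {
    list_bond_modes "$1" | awk '$3 == 0 { print $1 }'
}

# Read kernel log text on stdin and count oops reports whose faulting pc is
# inside bond_rr_gen_slave_id, the signature shown in the description.
bonding_oops_count() {
    awk '
        /Internal error: Oops/ { in_oops = 1; next }
        in_oops && /pc : / {
            if ($0 ~ /pc : bond_rr_gen_slave_id\+/) hits++
            in_oops = 0
        }
        END { print hits + 0 }
    '
}

# Three lines taken from the oops quoted in the description.
SAMPLE_LOG='[ 334.740734] Internal error: Oops: 96000004 [#1] SMP
[ 334.772217] CPU: 7 PID: 2214 Comm: ping Not tainted 6.0.0-rc4-00133-g64ae13ed4784 #4
[ 334.796196] pc : bond_rr_gen_slave_id+0x40/0x124 [bonding]'
```

On a live host, feed bonding_oops_count from the kernel log (for example the output of dmesg) and alert when the count is non-zero; list_bond_modes run periodically also shows when a bond's mode has changed since the last audit.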


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-25T13:44:28.316Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5d5a

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 5:58:04 PM

Last updated: 7/26/2025, 11:50:45 PM
