
CVE-2022-48645: Vulnerability in Linux Linux

High
Published: Sun Apr 28 2024 (04/28/2024, 13:00:11 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: enetc: deny offload of tc-based TSN features on VF interfaces

TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and port registers: enetc_port_rd(), enetc_port_wr().

Port registers are a region of the ENETC memory map which are only accessible from the PCIe Physical Function. They are not accessible from the Virtual Functions.

Moreover, attempting to access these registers crashes the kernel:

    $ echo 1 > /sys/bus/pci/devices/0000\:00\:00.0/sriov_numvfs
    pci 0000:00:01.0: [1957:ef00] type 00 class 0x020001
    fsl_enetc_vf 0000:00:01.0: Adding to iommu group 15
    fsl_enetc_vf 0000:00:01.0: enabling device (0000 -> 0002)
    fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0
    $ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \
        queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \
        sched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2
    Unable to handle kernel paging request at virtual address ffff800009551a08
    Internal error: Oops: 96000007 [#1] PREEMPT SMP
    pc : enetc_setup_tc_taprio+0x170/0x47c
    lr : enetc_setup_tc_taprio+0x16c/0x47c
    Call trace:
     enetc_setup_tc_taprio+0x170/0x47c
     enetc_setup_tc+0x38/0x2dc
     taprio_change+0x43c/0x970
     taprio_init+0x188/0x1e0
     qdisc_create+0x114/0x470
     tc_modify_qdisc+0x1fc/0x6c0
     rtnetlink_rcv_msg+0x12c/0x390

Split enetc_setup_tc() into separate functions for the PF and for the VF drivers. Also remove enetc_qos.o from being included into enetc-vf.ko, since it serves absolutely no purpose there.

AI-Powered Analysis

Last updated: 06/30/2025, 18:11:41 UTC

Technical Analysis

CVE-2022-48645 is a vulnerability in the Linux kernel's ENETC (Ethernet Controller) driver, in the handling of Time-Sensitive Networking (TSN) features on Virtual Function (VF) interfaces. TSN features such as taprio, cbs, gate, and police are configured through a combination of command BD ring messages and port registers. The port registers are part of the ENETC memory map and are accessible only from the PCIe Physical Function (PF), not from the Virtual Functions. The vulnerability arises because a request to offload a TSN feature on a VF interface still runs code that reads and writes these port registers. The access faults with an invalid kernel paging request and the kernel crashes, causing a denial of service (DoS) condition. The root cause is improper separation of functionality between the PF and VF drivers: the VF driver included code (enetc_qos.o) that belongs only in the PF driver. The fix splits enetc_setup_tc() into separate PF and VF functions and removes the QoS object from the VF driver. The crash is triggered by issuing traffic control (tc) commands that request TSN offload on the VF interface, such as the taprio command shown in the description, and leads to a kernel crash and system instability.

Potential Impact

For European organizations relying on Linux systems with ENETC network interfaces, particularly those using virtualization with SR-IOV (Single Root I/O Virtualization) and TSN features, this vulnerability poses a risk of kernel crashes and denial of service. This can disrupt critical network functions, especially in environments where TSN is used to guarantee deterministic network behavior, such as industrial automation, telecommunications, and real-time data processing. The impact extends to any virtualized workloads running on affected hardware, potentially causing service outages or degraded performance. Since the vulnerability leads to kernel panics, it affects system availability and could require manual intervention to restore service. Although no known exploits are reported in the wild, the ease of triggering the crash via standard traffic control commands on VF interfaces makes it a significant operational risk. Confidentiality and integrity are less directly impacted, but availability degradation can have cascading effects on business continuity and operational technology systems.

Mitigation Recommendations

European organizations should apply the Linux kernel patches that separate the PF and VF driver functionalities and remove the QoS module from the VF driver as soon as they become available. Until patches are deployed, organizations should restrict or disable the use of TSN offload features on VF interfaces, especially in virtualized environments using SR-IOV. Network administrators should monitor and control traffic control (tc) commands issued to VF interfaces to prevent malicious or accidental triggering of the vulnerability. Additionally, organizations should audit their use of ENETC hardware and verify whether their Linux kernel versions include the fix. For critical systems, consider isolating affected network functions or using alternative network interface hardware that does not expose this vulnerability. Implementing robust monitoring and alerting for kernel crashes and network interface errors can help detect exploitation attempts early. Finally, coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and support.
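The crash monitoring recommended above can be keyed to the oops quoted in the description. The following is an added example, not code from the advisory or the kernel project: it scans kernel log text for paging-request oopses whose faulting pc lies in the enetc_setup_tc* path and reports which fsl_enetc_vf interfaces had been registered beforehand. The function name, the timestamps and the second sample crash are constructed for illustration.

```python
import re

# Constructed sample: the first oops copies the trace quoted in the CVE
# description; the second is an unrelated, made-up crash for contrast.
SAMPLE_LOG = """\
[   41.10] fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0
[   97.52] Unable to handle kernel paging request at virtual address ffff800009551a08
[   97.53] Internal error: Oops: 96000007 [#1] PREEMPT SMP
[   97.54] pc : enetc_setup_tc_taprio+0x170/0x47c
[   97.55] Call trace:
[   97.56]  enetc_setup_tc_taprio+0x170/0x47c
[   97.57]  enetc_setup_tc+0x38/0x2dc
[   97.58]  taprio_change+0x43c/0x970
[   97.59]  tc_modify_qdisc+0x1fc/0x6c0
[  130.00] Unable to handle kernel paging request at virtual address ffff000000001234
[  130.01] pc : example_other_fn+0x10/0x80
[  130.02] Call trace:
[  130.03]  example_other_fn+0x10/0x80
"""

FAULT = re.compile(r"Unable to handle kernel paging request at virtual address (\w+)")
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
VF_DEV = re.compile(r"fsl_enetc_vf \S+ (\S+): renamed from")

def find_enetc_vf_oops(log_text):
    """Return one dict per paging-request oops whose pc is in enetc_setup_tc*."""
    vfs, reports, cur = [], [], None
    for line in log_text.splitlines():
        if m := VF_DEV.search(line):
            vfs.append(m.group(1))            # VF netdevs registered so far
        if m := FAULT.search(line):
            cur = {"addr": m.group(1), "pc": None, "trace": [], "vfs": list(vfs)}
            reports.append(cur)
        elif cur is not None and (m := FRAME.search(line)):
            if re.search(r"\bpc\s*:", line):
                cur["pc"] = m.group(1)        # faulting function
            elif not re.search(r"\blr\s*:", line):
                cur["trace"].append(m.group(1))  # call-trace frame
    # Heuristic taken from the trace on this page: faulting pc inside the
    # enetc tc-offload path, reached through the enetc_setup_tc() dispatcher.
    return [r for r in reports
            if r["pc"] and r["pc"].startswith("enetc_setup_tc")
            and "enetc_setup_tc" in r["trace"]]

if __name__ == "__main__":
    for hit in find_enetc_vf_oops(SAMPLE_LOG):
        print(hit["addr"], hit["pc"], "VFs seen:", hit["vfs"])
```

A hit with a non-empty VF list on a host that should already carry the fix is a signal to re-check the running kernel version.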


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-25T13:44:28.316Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5d92

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 6:11:41 PM

Last updated: 8/1/2025, 6:23:29 PM
