CVE-2022-48645: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
net: enetc: deny offload of tc-based TSN features on VF interfaces
TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and port registers: enetc_port_rd(), enetc_port_wr().
Port registers are a region of the ENETC memory map which are only accessible from the PCIe Physical Function. They are not accessible from the Virtual Functions.
Moreover, attempting to access these registers crashes the kernel:
    $ echo 1 > /sys/bus/pci/devices/0000\:00\:00.0/sriov_numvfs
    pci 0000:00:01.0: [1957:ef00] type 00 class 0x020001
    fsl_enetc_vf 0000:00:01.0: Adding to iommu group 15
    fsl_enetc_vf 0000:00:01.0: enabling device (0000 -> 0002)
    fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0
    $ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \
        queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \
        sched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2
    Unable to handle kernel paging request at virtual address ffff800009551a08
    Internal error: Oops: 96000007 [#1] PREEMPT SMP
    pc : enetc_setup_tc_taprio+0x170/0x47c
    lr : enetc_setup_tc_taprio+0x16c/0x47c
    Call trace:
     enetc_setup_tc_taprio+0x170/0x47c
     enetc_setup_tc+0x38/0x2dc
     taprio_change+0x43c/0x970
     taprio_init+0x188/0x1e0
     qdisc_create+0x114/0x470
     tc_modify_qdisc+0x1fc/0x6c0
     rtnetlink_rcv_msg+0x12c/0x390
Split enetc_setup_tc() into separate functions for the PF and for the VF drivers. Also remove enetc_qos.o from being included into enetc-vf.ko, since it serves absolutely no purpose there.
AI Analysis
Technical Summary
CVE-2022-48645 is a vulnerability identified in the Linux kernel's ENETC (Ethernet Controller) driver, specifically related to the handling of Time-Sensitive Networking (TSN) features on Virtual Function (VF) interfaces. TSN features such as taprio, cbs, gate, and police are configured via a combination of command BD ring messages and port registers. The port registers are part of the ENETC memory map and are only accessible from the PCIe Physical Function (PF), not from the Virtual Functions. However, the vulnerability arises because attempts to offload TSN features on VF interfaces incorrectly try to access these port registers, which are inaccessible from VFs. This results in a kernel crash due to an invalid kernel paging request, causing a denial of service (DoS) condition. The root cause is improper separation of functionality between PF and VF drivers, with the VF driver erroneously including code (enetc_qos.o) that should only be part of the PF driver. The fix involved splitting the enetc_setup_tc() function into separate PF and VF components and removing the unnecessary QoS module from the VF driver. This vulnerability can be triggered by sending specific traffic control (tc) commands to the VF interface, leading to kernel panic and system instability.
Potential Impact
For European organizations relying on Linux systems with ENETC network interfaces, particularly those using virtualization with SR-IOV (Single Root I/O Virtualization) and TSN features, this vulnerability poses a risk of kernel crashes and denial of service. This can disrupt critical network functions, especially in environments where TSN is used to guarantee deterministic network behavior, such as industrial automation, telecommunications, and real-time data processing. The impact extends to any virtualized workloads running on affected hardware, potentially causing service outages or degraded performance. Since the vulnerability leads to kernel panics, it affects system availability and could require manual intervention to restore service. Although no known exploits are reported in the wild, the ease of triggering the crash via standard traffic control commands on VF interfaces makes it a significant operational risk. Confidentiality and integrity are less directly impacted, but availability degradation can have cascading effects on business continuity and operational technology systems.
Mitigation Recommendations
European organizations should apply the Linux kernel patches that separate the PF and VF driver functionalities and remove the QoS module from the VF driver as soon as they become available. Until patches are deployed, organizations should restrict or disable the use of TSN offload features on VF interfaces, especially in virtualized environments using SR-IOV. Network administrators should monitor and control traffic control (tc) commands issued to VF interfaces to prevent malicious or accidental triggering of the vulnerability. Additionally, organizations should audit their use of ENETC hardware and verify whether their Linux kernel versions include the fix. For critical systems, consider isolating affected network functions or using alternative network interface hardware that does not expose this vulnerability. Implementing robust monitoring and alerting for kernel crashes and network interface errors can help detect exploitation attempts early. Finally, coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and support.
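The audit and crash-monitoring steps above can be scripted. The following is an added example, not code from the advisory or the kernel project: it lists interfaces bound to the fsl_enetc_vf driver (the name shown in the quoted kernel log) and checks a saved kernel log for the crash signature. The function names and the 20-line window are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure audit and crash-signature
# check for CVE-2022-48645. Function names are this example's own.

# Driver name as it appears in the kernel log lines quoted in the advisory.
VF_DRIVER="fsl_enetc_vf"

# Print the network interfaces bound to the ENETC VF driver, one per line.
# $1: sysfs net class directory (defaults to the live system's).
enetc_vf_ifaces() {
    net_dir="${1:-/sys/class/net}"
    for dev in "$net_dir"/*; do
        # Virtual interfaces (lo, bridges) have no device/driver symlink.
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        if [ "$drv" = "$VF_DRIVER" ]; then
            basename "$dev"
        fi
    done
    return 0
}

# Return 0 if the kernel log in file $1 shows the crash described above:
# a paging-request fault followed within 20 lines (assumed window) by an
# enetc_setup_tc* symbol in the pc/lr/call-trace lines.
log_has_enetc_oops() {
    awk '
        /Unable to handle kernel paging request/ { window = 20 }
        window > 0 && /enetc_setup_tc[_a-z]*\+0x/ { hit = 1 }
        window > 0 { window-- }
        END { exit !hit }
    ' "$1"
}
```

Any interface printed by enetc_vf_ifaces on an unpatched kernel is one where a TSN offload request reaches the faulting code path; log_has_enetc_oops can be run against saved dmesg or journal output as an alerting check.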
Affected Countries
Germany, France, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:44:28.316Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5d92
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 6:11:41 PM
Last updated: 12/2/2025, 7:27:40 AM