CVE-2022-48652: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ice: Fix crash by keep old cfg when update TCs more than queues

There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 ("ice: ethtool: Prohibit improper channel config for DCB") already disallow setting less queues than TCs.

Another case is if we first set less queues, and later update more TCs config due to LLDP, ice_vsi_cfg_tc() will failed but left dirty num_txq/rxq and tc_cfg in vsi, that will cause invalid pointer access.

[ 95.968089] ice 0000:3b:00.1: More TCs defined than queues/rings allocated.
[ 95.968092] ice 0000:3b:00.1: Trying to use more Rx queues (8), than were allocated (1)!
[ 95.968093] ice 0000:3b:00.1: Failed to config TC for VSI index: 0
[ 95.969621] general protection fault: 0000 [#1] SMP NOPTI
[ 95.969705] CPU: 1 PID: 58405 Comm: lldpad Kdump: loaded Tainted: G U W O --------- -t - 4.18.0 #1
[ 95.969867] Hardware name: O.E.M/BC11SPSCB10, BIOS 8.23 12/30/2021
[ 95.969992] RIP: 0010:devm_kmalloc+0xa/0x60
[ 95.970052] Code: 5c ff ff ff 31 c0 5b 5d 41 5c c3 b8 f4 ff ff ff eb f4 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 89 d1 <8b> 97 60 02 00 00 48 8d 7e 18 48 39 f7 72 3f 55 89 ce 53 48 8b 4c
[ 95.970344] RSP: 0018:ffffc9003f553888 EFLAGS: 00010206
[ 95.970425] RAX: dead000000000200 RBX: ffffea003c425b00 RCX: 00000000006080c0
[ 95.970536] RDX: 00000000006080c0 RSI: 0000000000000200 RDI: dead000000000200
[ 95.970648] RBP: dead000000000200 R08: 00000000000463c0 R09: ffff888ffa900000
[ 95.970760] R10: 0000000000000000 R11: 0000000000000002 R12: ffff888ff6b40100
[ 95.970870] R13: ffff888ff6a55018 R14: 0000000000000000 R15: ffff888ff6a55460
[ 95.970981] FS: 00007f51b7d24700(0000) GS:ffff88903ee80000(0000) knlGS:0000000000000000
[ 95.971108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 95.971197] CR2: 00007fac5410d710 CR3: 0000000f2c1de002 CR4: 00000000007606e0
[ 95.971309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 95.971419] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 95.971530] PKRU: 55555554
[ 95.971573] Call Trace:
[ 95.971622] ice_setup_rx_ring+0x39/0x110 [ice]
[ 95.971695] ice_vsi_setup_rx_rings+0x54/0x90 [ice]
[ 95.971774] ice_vsi_open+0x25/0x120 [ice]
[ 95.971843] ice_open_internal+0xb8/0x1f0 [ice]
[ 95.971919] ice_ena_vsi+0x4f/0xd0 [ice]
[ 95.971987] ice_dcb_ena_dis_vsi.constprop.5+0x29/0x90 [ice]
[ 95.972082] ice_pf_dcb_cfg+0x29a/0x380 [ice]
[ 95.972154] ice_dcbnl_setets+0x174/0x1b0 [ice]
[ 95.972220] dcbnl_ieee_set+0x89/0x230
[ 95.972279] ? dcbnl_ieee_del+0x150/0x150
[ 95.972341] dcb_doit+0x124/0x1b0
[ 95.972392] rtnetlink_rcv_msg+0x243/0x2f0
[ 95.972457] ? dcb_doit+0x14d/0x1b0
[ 95.972510] ? __kmalloc_node_track_caller+0x1d3/0x280
[ 95.972591] ? rtnl_calcit.isra.31+0x100/0x100
[ 95.972661] netlink_rcv_skb+0xcf/0xf0
[ 95.972720] netlink_unicast+0x16d/0x220
[ 95.972781] netlink_sendmsg+0x2ba/0x3a0
[ 95.975891] sock_sendmsg+0x4c/0x50
[ 95.979032] ___sys_sendmsg+0x2e4/0x300
[ 95.982147] ? kmem_cache_alloc+0x13e/0x190
[ 95.985242] ? __wake_up_common_lock+0x79/0x90
[ 95.988338] ? __check_object_size+0xac/0x1b0
[ 95.991440] ? _copy_to_user+0x22/0x30
[ 95.994539] ? move_addr_to_user+0xbb/0xd0
[ 95.997619] ? __sys_sendmsg+0x53/0x80
[ 96.000664] __sys_sendmsg+0x53/0x80
[ 96.003747] do_syscall_64+0x5b/0x1d0
[ 96.006862] entry_SYSCALL_64_after_hwframe+0x65/0xca

Only update num_txq/rxq when passed check, and restore tc_cfg if setup queue map failed.
AI Analysis
Technical Summary
CVE-2022-48652 is a vulnerability identified in the Linux kernel's 'ice' network driver, which manages Intel Ethernet controllers. The issue arises from improper handling of Traffic Classes (TCs) and queue allocations within the driver. Specifically, the vulnerability occurs when the number of allocated queues is less than the number of Traffic Classes configured. Although a prior commit (a632b2a4c920) disallowed setting fewer queues than TCs, this vulnerability manifests in a scenario where initially fewer queues are set, and subsequently, the number of TCs is increased due to Link Layer Discovery Protocol (LLDP) updates. In such cases, the function ice_vsi_cfg_tc() fails but leaves the internal state inconsistent by retaining dirty num_txq/rxq values and tc_cfg in the Virtual Station Interface (VSI) structure. This inconsistency leads to invalid pointer dereferences and ultimately causes a kernel crash, evidenced by general protection faults and stack traces indicating faults in devm_kmalloc and ice_setup_rx_ring functions. The crash results from attempts to use more receive queues than were allocated, leading to memory corruption and system instability. The vulnerability affects Linux kernel versions containing the specified commits and impacts systems using the Intel 'ice' driver for Ethernet devices. The root cause is a logic flaw in queue and TC configuration synchronization, which can be triggered by network configuration changes via LLDP. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to servers and network infrastructure running Linux kernels with the affected 'ice' driver managing Intel Ethernet hardware. The impact includes potential denial of service (DoS) due to kernel crashes, leading to system reboots or outages. This can disrupt critical network services, especially in data centers, cloud providers, and enterprises relying on high-availability Linux-based networking equipment. Confidentiality and integrity impacts are minimal as the vulnerability does not directly enable code execution or privilege escalation; however, the resulting instability could be exploited to cause operational disruptions. Organizations with automated network management using LLDP or dynamic traffic class configurations are more susceptible, as these can trigger the faulty state. The absence of known exploits reduces immediate risk, but the vulnerability's presence in widely deployed Linux kernels and Intel NICs means that attackers could develop exploits, especially targeting network infrastructure. The impact is significant for sectors requiring continuous network uptime, such as telecommunications, finance, and critical infrastructure within Europe.
Mitigation Recommendations
To mitigate CVE-2022-48652, European organizations should:
1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distributions.
2) Temporarily avoid dynamic changes to Traffic Classes or queue configurations on affected Intel 'ice' network interfaces, especially those triggered by LLDP or similar protocols.
3) Monitor kernel logs for messages indicating mismatches between queues and TCs or general protection faults related to the 'ice' driver to detect potential exploitation attempts or instability.
4) In environments where patching is delayed, consider disabling or limiting the use of the 'ice' driver or replacing affected hardware with alternatives not impacted by this issue.
5) Implement robust network segmentation and redundancy to minimize the impact of potential DoS conditions caused by this vulnerability.
6) Coordinate with hardware and Linux distribution vendors to receive timely updates and advisories.
These steps go beyond generic advice by focusing on configuration management and proactive monitoring specific to the vulnerability's trigger conditions.
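An added example (not part of the original advisory or of the kernel project) of the log monitoring in recommendation 3: it flags the driver's TC/queue mismatch messages and correlates them with a following general protection fault whose call trace passes through the ice module. The sample lines are abridged from the log quoted in the description; the function name scan(), the 5-second window and the Tx variant of the queue message are assumptions.

```python
import re

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# Driver messages quoted in the CVE description that precede the crash.
# The Tx form of the queue message is assumed by analogy with the Rx one.
PRECURSOR = re.compile(
    r"^ice (\S+): (More TCs defined than queues/rings allocated"
    r"|Trying to use more [RT]x queues \(\d+\), than were allocated \(\d+\)"
    r"|Failed to config TC for VSI index: \d+)")
FAULT = re.compile(r"^general protection fault")
ICE_FRAME = re.compile(r"^(ice_\w+)[\w.]*\+0x[0-9a-f]+/0x[0-9a-f]+ \[ice\]")

# Constructed sample: abridged from the kernel log quoted in the description.
SAMPLE = """\
[   95.968089] ice 0000:3b:00.1: More TCs defined than queues/rings allocated.
[   95.968092] ice 0000:3b:00.1: Trying to use more Rx queues (8), than were allocated (1)!
[   95.968093] ice 0000:3b:00.1: Failed to config TC for VSI index: 0
[   95.969621] general protection fault: 0000 [#1] SMP NOPTI
[   95.969992] RIP: 0010:devm_kmalloc+0xa/0x60
[   95.971573] Call Trace:
[   95.971622]  ice_setup_rx_ring+0x39/0x110 [ice]
[   95.971695]  ice_vsi_setup_rx_rings+0x54/0x90 [ice]
[   95.972220]  dcbnl_ieee_set+0x89/0x230
""".splitlines()

def scan(lines, window=5.0):
    """Return mismatch warnings (one per device) plus correlated ice crashes."""
    warnings, crashes, last_warn = [], [], {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        p = PRECURSOR.match(msg)
        if p:
            dev = p.group(1)
            if dev not in last_warn:  # report each PCI device once
                warnings.append({"kind": "tc-queue-mismatch", "device": dev, "time": ts})
            last_warn[dev] = ts
        elif FAULT.match(msg):
            recent = sorted(d for d, t in last_warn.items() if ts - t <= window)
            crashes.append({"kind": "ice-crash", "time": ts, "devices": recent, "frames": []})
        elif crashes:
            f = ICE_FRAME.match(msg)
            if f:
                crashes[-1]["frames"].append(f.group(1))
    # A fault counts only if it follows a mismatch warning and unwinds through ice.
    return warnings + [c for c in crashes if c["devices"] and c["frames"]]
```

A "tc-queue-mismatch" finding without an "ice-crash" still matters: it means the driver rejected a TC update on a host that has fewer queues than TCs, which is the state the fix addresses.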
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:44:28.317Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd4cb
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/27/2025, 11:55:12 PM
Last updated: 8/3/2025, 12:55:27 PM