CVE-2022-48850: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed. [ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called [ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called ... [ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null) [ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280 crash> bt ... PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd" ... #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778 [exception RIP: dma_pool_alloc+0x1ab] RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046 RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090 RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00 R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0 R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core] #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core] #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core] #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core] #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core] #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core] #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core] #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46 #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208 #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3 #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596 #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10 #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5 #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92 crash> net_device.state ffff89443b0c0000 state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER) To prevent this scenario, we also make sure that the netdevice is present.
AI Analysis
Technical Summary
CVE-2022-48850 is a vulnerability identified in the Linux kernel's networking subsystem, specifically within the net-sysfs interface. The issue arises when the system attempts to access sysfs entries related to a network device (netdevice) that has already been removed or is in the process of being shut down. The vulnerability manifests as a kernel panic triggered by a NULL pointer dereference during the execution of the speed_show function, which is responsible for reporting the speed of a network device via sysfs. The root cause is the lack of a proper check to confirm the presence of the netdevice before accessing its attributes. This leads to a crash when the kernel tries to allocate DMA memory (dma_pool_alloc) for a device that no longer exists, as demonstrated by the stack trace involving mlx5_core (Mellanox network driver) functions. The panic can occur during device shutdown or system shutdown sequences, potentially causing system instability or downtime. The vulnerability affects Linux kernel versions identified by a specific commit hash (1da177e4c3f41524e886b7f1b8a0c1fc7321cac2) and has been addressed by adding a check to ensure the netdevice is present before accessing its sysfs attributes. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, the impact of CVE-2022-48850 primarily concerns systems running Linux kernels with affected versions, especially those utilizing Mellanox network adapters or similar hardware relying on the mlx5_core driver. The vulnerability can cause unexpected kernel panics during network device shutdown or system shutdown, leading to unplanned outages, potential data loss, and disruption of critical services. This is particularly significant for data centers, cloud service providers, and enterprises relying on high-availability Linux-based infrastructure. The disruption could affect network reliability and availability, impacting business continuity. Although the vulnerability does not appear to allow remote code execution or privilege escalation directly, the denial of service through kernel panic can be exploited by attackers with local access or through crafted shutdown sequences, potentially as part of a broader attack chain. Given the widespread use of Linux in European IT environments, including government, finance, telecommunications, and industrial control systems, the risk of operational impact is notable.
Mitigation Recommendations
To mitigate CVE-2022-48850, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for this vulnerability, ensuring the kernel version includes the added netdevice presence check in net-sysfs speed_show. 2) Prioritize patching systems using Mellanox network adapters or similar hardware drivers (mlx5_core), as these are directly implicated in the crash scenario. 3) Implement rigorous testing of kernel updates in staging environments to verify stability during device shutdown and system shutdown sequences. 4) Monitor system logs for kernel panics or crashes related to network device removal or sysfs access, enabling early detection of potential exploitation attempts or instability. 5) Where possible, configure system shutdown procedures to gracefully handle network device teardown, reducing the likelihood of triggering the vulnerability. 6) Limit local access to critical Linux systems to trusted personnel and employ strong access controls to reduce the risk of local exploitation. 7) Maintain up-to-date backups and disaster recovery plans to mitigate the impact of unexpected system crashes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2022-48850: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed. [ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called [ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called ... [ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null) [ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280 crash> bt ... PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd" ... #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778 [exception RIP: dma_pool_alloc+0x1ab] RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046 RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090 RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00 R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0 R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core] #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core] #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core] #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core] #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core] #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core] #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core] #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46 #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208 #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3 #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596 #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10 #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5 #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92 crash> net_device.state ffff89443b0c0000 state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER) To prevent this scenario, we also make sure that the netdevice is present.
AI-Powered Analysis
Technical Analysis
CVE-2022-48850 is a vulnerability identified in the Linux kernel's networking subsystem, specifically within the net-sysfs interface. The issue arises when the system attempts to access sysfs entries related to a network device (netdevice) that has already been removed or is in the process of being shut down. The vulnerability manifests as a kernel panic triggered by a NULL pointer dereference during the execution of the speed_show function, which is responsible for reporting the speed of a network device via sysfs. The root cause is the lack of a proper check to confirm the presence of the netdevice before accessing its attributes. This leads to a crash when the kernel tries to allocate DMA memory (dma_pool_alloc) for a device that no longer exists, as demonstrated by the stack trace involving mlx5_core (Mellanox network driver) functions. The panic can occur during device shutdown or system shutdown sequences, potentially causing system instability or downtime. The vulnerability affects Linux kernel versions identified by a specific commit hash (1da177e4c3f41524e886b7f1b8a0c1fc7321cac2) and has been addressed by adding a check to ensure the netdevice is present before accessing its sysfs attributes. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, the impact of CVE-2022-48850 primarily concerns systems running Linux kernels with affected versions, especially those utilizing Mellanox network adapters or similar hardware relying on the mlx5_core driver. The vulnerability can cause unexpected kernel panics during network device shutdown or system shutdown, leading to unplanned outages, potential data loss, and disruption of critical services. This is particularly significant for data centers, cloud service providers, and enterprises relying on high-availability Linux-based infrastructure. The disruption could affect network reliability and availability, impacting business continuity. Although the vulnerability does not appear to allow remote code execution or privilege escalation directly, the denial of service through kernel panic can be exploited by attackers with local access or through crafted shutdown sequences, potentially as part of a broader attack chain. Given the widespread use of Linux in European IT environments, including government, finance, telecommunications, and industrial control systems, the risk of operational impact is notable.
Mitigation Recommendations
To mitigate CVE-2022-48850, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for this vulnerability, ensuring the kernel version includes the added netdevice presence check in net-sysfs speed_show. 2) Prioritize patching systems using Mellanox network adapters or similar hardware drivers (mlx5_core), as these are directly implicated in the crash scenario. 3) Implement rigorous testing of kernel updates in staging environments to verify stability during device shutdown and system shutdown sequences. 4) Monitor system logs for kernel panics or crashes related to network device removal or sysfs access, enabling early detection of potential exploitation attempts or instability. 5) Where possible, configure system shutdown procedures to gracefully handle network device teardown, reducing the likelihood of triggering the vulnerability. 6) Limit local access to critical Linux systems to trusted personnel and employ strong access controls to reduce the risk of local exploitation. 7) Maintain up-to-date backups and disaster recovery plans to mitigate the impact of unexpected system crashes.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-07-16T11:38:08.912Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982fc4522896dcbe6392
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 6/30/2025, 10:42:02 PM
Last updated: 8/12/2025, 11:14:58 AM
Views: 16
Related Threats
CVE-2025-55345: CWE-61 UNIX Symbolic Link (Symlink) Following
HighCVE-2025-6184: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in themeum Tutor LMS Pro
HighCVE-2025-8762: Improper Physical Access Control in INSTAR 2K+
HighCVE-2025-8761: Denial of Service in INSTAR 2K+
HighCVE-2025-8760: Buffer Overflow in INSTAR 2K+
CriticalActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.