
CVE-2022-49869: Vulnerability in Linux Linux

High
Published: Thu May 01 2025 (05/01/2025, 14:10:20 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()

During the error recovery sequence, the rtnl_lock is not held for the entire duration and some data structures may be freed during the sequence. Check for the BNXT_STATE_OPEN flag instead of netif_running() to ensure that the device is fully operational before proceeding to reconfigure the coalescing settings.

This will fix a possible crash like this:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 10 PID: 181276 Comm: ethtool Kdump: loaded Tainted: G IOE --------- - - 4.18.0-348.el8.x86_64 #1
Hardware name: Dell Inc. PowerEdge R740/0F9N89, BIOS 2.3.10 08/15/2019
RIP: 0010:bnxt_hwrm_set_coal+0x1fb/0x2a0 [bnxt_en]
Code: c2 66 83 4e 22 08 66 89 46 1c e8 10 cb 00 00 41 83 c6 01 44 39 b3 68 01 00 00 0f 8e a3 00 00 00 48 8b 93 c8 00 00 00 49 63 c6 <48> 8b 2c c2 48 8b 85 b8 02 00 00 48 85 c0 74 2e 48 8b 74 24 08 f6
RSP: 0018:ffffb11c8dcaba50 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8d168a8b0ac0 RCX: 00000000000000c5
RDX: 0000000000000000 RSI: ffff8d162f72c000 RDI: ffff8d168a8b0b28
RBP: 0000000000000000 R08: b6e1f68a12e9a7eb R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000037 R12: ffff8d168a8b109c
R13: ffff8d168a8b10aa R14: 0000000000000000 R15: ffffffffc01ac4e0
FS: 00007f3852e4c740(0000) GS:ffff8d24c0080000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000041b3ee003 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 ethnl_set_coalesce+0x3ce/0x4c0
 genl_family_rcv_msg_doit.isra.15+0x10f/0x150
 genl_family_rcv_msg+0xb3/0x160
 ? coalesce_fill_reply+0x480/0x480
 genl_rcv_msg+0x47/0x90
 ? genl_family_rcv_msg+0x160/0x160
 netlink_rcv_skb+0x4c/0x120
 genl_rcv+0x24/0x40
 netlink_unicast+0x196/0x230
 netlink_sendmsg+0x204/0x3d0
 sock_sendmsg+0x4c/0x50
 __sys_sendto+0xee/0x160
 ? syscall_trace_enter+0x1d3/0x2c0
 ? __audit_syscall_exit+0x249/0x2a0
 __x64_sys_sendto+0x24/0x30
 do_syscall_64+0x5b/0x1a0
 entry_SYSCALL_64_after_hwframe+0x65/0xca
RIP: 0033:0x7f38524163bb

AI-Powered Analysis

Last updated: 06/30/2025, 02:42:22 UTC

Technical Analysis

CVE-2022-49869 is a vulnerability identified in the Linux kernel's bnxt_en network driver, which is responsible for managing Broadcom NetXtreme-E Ethernet devices. The flaw arises during the error recovery sequence in the function bnxt_hwrm_set_coal(), which configures coalescing settings for the network device. Specifically, the issue is due to improper locking: the rtnl_lock (a kernel lock protecting network device data structures) is not held for the entire duration of the recovery process. Consequently, some data structures may be freed while still being accessed, leading to a potential NULL pointer dereference and kernel crash (kernel oops).

The vulnerability manifests as a crash triggered by a NULL pointer dereference at address 0x0, as evidenced by the provided kernel oops log. The root cause is the incorrect check of the device state using netif_running(), which does not guarantee the device is fully operational. The fix involves checking the BNXT_STATE_OPEN flag instead, ensuring the device is in a proper state before reconfiguring coalescing settings.

This vulnerability affects Linux kernel versions containing the bnxt_en driver with the described code path, including versions used in enterprise Linux distributions such as RHEL 8. The vulnerability does not appear to have known exploits in the wild as of the publication date. However, exploitation could cause denial of service (DoS) by crashing the kernel, leading to system instability or reboot. Since the flaw is in a kernel driver, exploitation requires local access or the ability to trigger the vulnerable code path, such as through ethtool commands or network device configuration utilities. No authentication bypass or privilege escalation is indicated, but the impact on availability can be significant on affected systems. No CVSS score is assigned yet, and no patch links are provided in the data, but the fix involves proper locking and state checking in the bnxt_en driver code.

Potential Impact

For European organizations, the impact of CVE-2022-49869 centers primarily on availability and operational stability of Linux-based servers and network infrastructure using Broadcom NetXtreme-E Ethernet adapters. Many enterprise-grade servers in Europe run Linux distributions such as RHEL, CentOS, Ubuntu, and SUSE, which may include the vulnerable bnxt_en driver. A successful trigger of this vulnerability can cause kernel crashes, resulting in system downtime, potential data loss, and disruption of critical services. This is particularly concerning for data centers, cloud providers, telecom operators, and financial institutions relying on high-availability Linux servers. Although the vulnerability does not provide direct privilege escalation or remote code execution, the denial of service can be leveraged as part of a larger attack chain or cause significant operational impact. The requirement for local or privileged access to trigger the flaw somewhat limits the attack surface but does not eliminate risk, especially in multi-tenant environments or where attackers have gained footholds. The absence of known exploits reduces immediate risk but organizations should not be complacent given the potential for future exploit development. The vulnerability also highlights the importance of kernel and driver updates in maintaining system security and stability.

Mitigation Recommendations

1. Apply Kernel Updates: Organizations should prioritize updating Linux kernels to versions where this vulnerability is patched. Monitor vendor advisories from distributions like Red Hat, SUSE, Ubuntu, and others for security updates addressing CVE-2022-49869.
2. Limit Access: Restrict local access to systems running vulnerable kernels and bnxt_en drivers. Limit use of tools like ethtool and network configuration utilities to trusted administrators only.
3. Network Device Configuration: Avoid unnecessary reconfiguration of coalescing settings on affected network devices until patches are applied.
4. Monitoring and Logging: Implement monitoring for kernel oops or crash logs that may indicate attempts to trigger this vulnerability.
5. Use Alternative Network Drivers: Where feasible, consider using alternative network adapters or drivers not affected by this issue, especially in critical environments.
6. Harden Systems: Employ standard Linux hardening practices to reduce the risk of local privilege escalation or unauthorized access that could lead to exploitation.
7. Incident Response Preparedness: Prepare for potential denial of service incidents by ensuring rapid recovery procedures and backups are in place.
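
The monitoring in recommendation 4 can key on the crash signature quoted in the description: a NULL-dereference oops whose kernel RIP is bnxt_hwrm_set_coal in module bnxt_en. The Python below is an added example, not code from the advisory or the kernel fix; the function name is illustrative, and the sample log is constructed from the oops above with made-up timestamps plus one unrelated oops from a hypothetical example_drv module.

```python
import re

# Patterns for the oops in the description; newer kernels omit "unable to handle".
BUG_RE = re.compile(r"BUG: (?:unable to handle )?kernel NULL pointer dereference")
PROC_RE = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+)")
RIP_RE = re.compile(r"RIP: 0010:(\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?")

# Constructed sample: unrelated oops (hypothetical example_drv), then an
# abridged copy of the oops from the description with made-up timestamps.
SAMPLE_LOG = """\
[  101.000001] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[  101.000002] CPU: 2 PID: 4242 Comm: kworker/2:1 Kdump: loaded
[  101.000003] RIP: 0010:example_poll+0x1c/0x80 [example_drv]
[  977.100001] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  977.100002] CPU: 10 PID: 181276 Comm: ethtool Kdump: loaded Tainted: G IOE
[  977.100003] RIP: 0010:bnxt_hwrm_set_coal+0x1fb/0x2a0 [bnxt_en]
[  977.100004] Call Trace:
[  977.100005]  ethnl_set_coalesce+0x3ce/0x4c0
[  977.100006] RIP: 0033:0x7f38524163bb
""".splitlines()


def find_bnxt_coal_oops(lines):
    """Return one finding per oops whose kernel RIP is bnxt_hwrm_set_coal [bnxt_en]."""
    blocks = []
    for line in lines:
        if BUG_RE.search(line):
            blocks.append([])          # each BUG line opens a new oops block
        if blocks:
            blocks[-1].append(line)
    findings = []
    for text in ("\n".join(block) for block in blocks):
        rip = RIP_RE.search(text)      # first match is the kernel-mode RIP (CS 0010)
        if not rip or rip.group(1) != "bnxt_hwrm_set_coal" or rip.group(3) != "bnxt_en":
            continue
        proc = PROC_RE.search(text)
        findings.append({
            "pid": int(proc.group(1)) if proc else None,
            "comm": proc.group(2) if proc else None,
            "rip_offset": rip.group(2),
            "via_ethtool_netlink": "ethnl_set_coalesce+" in text,
        })
    return findings


if __name__ == "__main__":
    for finding in find_bnxt_coal_oops(SAMPLE_LOG):
        print("CVE-2022-49869 crash signature:", finding)
```

Feed it kernel log lines, for example the output of `journalctl -k` or `dmesg`; a hit on a host that has not yet been updated is a reason to prioritize the kernel update in recommendation 1.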


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-05-01T14:05:17.237Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4ec6

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 2:42:22 AM

Last updated: 8/12/2025, 6:41:11 PM
