CVE-2022-48645 (GCVE-0-2022-48645)

Vulnerability from cvelistv5 – Published: 2024-04-28 13:00 – Updated: 2025-05-04 08:20
VLAI?
Title
net: enetc: deny offload of tc-based TSN features on VF interfaces
Summary
In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and port registers: enetc_port_rd(), enetc_port_wr(). Port registers are a region of the ENETC memory map which are only accessible from the PCIe Physical Function. They are not accessible from the Virtual Functions. Moreover, attempting to access these registers crashes the kernel: $ echo 1 > /sys/bus/pci/devices/0000\:00\:00.0/sriov_numvfs pci 0000:00:01.0: [1957:ef00] type 00 class 0x020001 fsl_enetc_vf 0000:00:01.0: Adding to iommu group 15 fsl_enetc_vf 0000:00:01.0: enabling device (0000 -> 0002) fsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0 $ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \ queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \ sched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2 Unable to handle kernel paging request at virtual address ffff800009551a08 Internal error: Oops: 96000007 [#1] PREEMPT SMP pc : enetc_setup_tc_taprio+0x170/0x47c lr : enetc_setup_tc_taprio+0x16c/0x47c Call trace: enetc_setup_tc_taprio+0x170/0x47c enetc_setup_tc+0x38/0x2dc taprio_change+0x43c/0x970 taprio_init+0x188/0x1e0 qdisc_create+0x114/0x470 tc_modify_qdisc+0x1fc/0x6c0 rtnetlink_rcv_msg+0x12c/0x390 Split enetc_setup_tc() into separate functions for the PF and for the VF drivers. Also remove enetc_qos.o from being included into enetc-vf.ko, since it serves absolutely no purpose there.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 34c6adf1977b611fca3b824ad12a2a415e1e420e , < 510e703e4ed0e011db860bc21228aff48fc9eea7 (git)
Affected: 34c6adf1977b611fca3b824ad12a2a415e1e420e , < 23022b74b1a23bed044f6bc96cf92f6ca5f3e75f (git)
Affected: 34c6adf1977b611fca3b824ad12a2a415e1e420e , < 5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42 (git)
Create a notification for this product.
    Linux Linux Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.15.71 , ≤ 5.15.* (semver)
Unaffected: 5.19.12 , ≤ 5.19.* (semver)
Unaffected: 6.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:55.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48645",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:46:14.504061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:10.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/freescale/enetc/Makefile",
            "drivers/net/ethernet/freescale/enetc/enetc.c",
            "drivers/net/ethernet/freescale/enetc/enetc.h",
            "drivers/net/ethernet/freescale/enetc/enetc_pf.c",
            "drivers/net/ethernet/freescale/enetc/enetc_vf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "510e703e4ed0e011db860bc21228aff48fc9eea7",
              "status": "affected",
              "version": "34c6adf1977b611fca3b824ad12a2a415e1e420e",
              "versionType": "git"
            },
            {
              "lessThan": "23022b74b1a23bed044f6bc96cf92f6ca5f3e75f",
              "status": "affected",
              "version": "34c6adf1977b611fca3b824ad12a2a415e1e420e",
              "versionType": "git"
            },
            {
              "lessThan": "5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42",
              "status": "affected",
              "version": "34c6adf1977b611fca3b824ad12a2a415e1e420e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/freescale/enetc/Makefile",
            "drivers/net/ethernet/freescale/enetc/enetc.c",
            "drivers/net/ethernet/freescale/enetc/enetc.h",
            "drivers/net/ethernet/freescale/enetc/enetc_pf.c",
            "drivers/net/ethernet/freescale/enetc/enetc_vf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.71",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.71",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.12",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: deny offload of tc-based TSN features on VF interfaces\n\nTSN features on the ENETC (taprio, cbs, gate, police) are configured\nthrough a mix of command BD ring messages and port registers:\nenetc_port_rd(), enetc_port_wr().\n\nPort registers are a region of the ENETC memory map which are only\naccessible from the PCIe Physical Function. They are not accessible from\nthe Virtual Functions.\n\nMoreover, attempting to access these registers crashes the kernel:\n\n$ echo 1 \u003e /sys/bus/pci/devices/0000\\:00\\:00.0/sriov_numvfs\npci 0000:00:01.0: [1957:ef00] type 00 class 0x020001\nfsl_enetc_vf 0000:00:01.0: Adding to iommu group 15\nfsl_enetc_vf 0000:00:01.0: enabling device (0000 -\u003e 0002)\nfsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0\n$ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \\\n\tqueues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \\\n\tsched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2\nUnable to handle kernel paging request at virtual address ffff800009551a08\nInternal error: Oops: 96000007 [#1] PREEMPT SMP\npc : enetc_setup_tc_taprio+0x170/0x47c\nlr : enetc_setup_tc_taprio+0x16c/0x47c\nCall trace:\n enetc_setup_tc_taprio+0x170/0x47c\n enetc_setup_tc+0x38/0x2dc\n taprio_change+0x43c/0x970\n taprio_init+0x188/0x1e0\n qdisc_create+0x114/0x470\n tc_modify_qdisc+0x1fc/0x6c0\n rtnetlink_rcv_msg+0x12c/0x390\n\nSplit enetc_setup_tc() into separate functions for the PF and for the\nVF drivers. Also remove enetc_qos.o from being included into\nenetc-vf.ko, since it serves absolutely no purpose there."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:20:23.337Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7"
        },
        {
          "url": "https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f"
        },
        {
          "url": "https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42"
        }
      ],
      "title": "net: enetc: deny offload of tc-based TSN features on VF interfaces",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48645",
    "datePublished": "2024-04-28T13:00:11.615Z",
    "dateReserved": "2024-02-25T13:44:28.316Z",
    "dateUpdated": "2025-05-04T08:20:23.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T15:17:55.608Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48645\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:46:14.504061Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:15.080Z\"}}], \"cna\": {\"title\": \"net: enetc: deny offload of tc-based TSN features on VF interfaces\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"34c6adf1977b611fca3b824ad12a2a415e1e420e\", \"lessThan\": \"510e703e4ed0e011db860bc21228aff48fc9eea7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"34c6adf1977b611fca3b824ad12a2a415e1e420e\", \"lessThan\": \"23022b74b1a23bed044f6bc96cf92f6ca5f3e75f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"34c6adf1977b611fca3b824ad12a2a415e1e420e\", \"lessThan\": \"5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/freescale/enetc/Makefile\", \"drivers/net/ethernet/freescale/enetc/enetc.c\", \"drivers/net/ethernet/freescale/enetc/enetc.h\", \"drivers/net/ethernet/freescale/enetc/enetc_pf.c\", \"drivers/net/ethernet/freescale/enetc/enetc_vf.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.5\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.5\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.15.71\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.19.12\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.19.*\"}, {\"status\": \"unaffected\", \"version\": \"6.0\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/freescale/enetc/Makefile\", \"drivers/net/ethernet/freescale/enetc/enetc.c\", \"drivers/net/ethernet/freescale/enetc/enetc.h\", \"drivers/net/ethernet/freescale/enetc/enetc_pf.c\", \"drivers/net/ethernet/freescale/enetc/enetc_vf.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7\"}, {\"url\": \"https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f\"}, {\"url\": \"https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: enetc: deny offload of tc-based TSN features on VF interfaces\\n\\nTSN features on the ENETC (taprio, cbs, gate, police) are configured\\nthrough a mix of command BD ring messages and port registers:\\nenetc_port_rd(), enetc_port_wr().\\n\\nPort registers are a region of the ENETC memory map which are only\\naccessible from the PCIe Physical Function. They are not accessible from\\nthe Virtual Functions.\\n\\nMoreover, attempting to access these registers crashes the kernel:\\n\\n$ echo 1 \u003e /sys/bus/pci/devices/0000\\\\:00\\\\:00.0/sriov_numvfs\\npci 0000:00:01.0: [1957:ef00] type 00 class 0x020001\\nfsl_enetc_vf 0000:00:01.0: Adding to iommu group 15\\nfsl_enetc_vf 0000:00:01.0: enabling device (0000 -\u003e 0002)\\nfsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0\\n$ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \\\\\\n\\tqueues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \\\\\\n\\tsched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2\\nUnable to handle kernel paging request at virtual address ffff800009551a08\\nInternal error: Oops: 96000007 [#1] PREEMPT SMP\\npc : enetc_setup_tc_taprio+0x170/0x47c\\nlr : enetc_setup_tc_taprio+0x16c/0x47c\\nCall trace:\\n enetc_setup_tc_taprio+0x170/0x47c\\n enetc_setup_tc+0x38/0x2dc\\n taprio_change+0x43c/0x970\\n taprio_init+0x188/0x1e0\\n qdisc_create+0x114/0x470\\n tc_modify_qdisc+0x1fc/0x6c0\\n rtnetlink_rcv_msg+0x12c/0x390\\n\\nSplit enetc_setup_tc() into separate functions for the PF and for the\\nVF drivers. Also remove enetc_qos.o from being included into\\nenetc-vf.ko, since it serves absolutely no purpose there.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.71\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.19.12\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.0\", \"versionStartIncluding\": \"5.5\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T08:20:23.337Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-48645\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T08:20:23.337Z\", \"dateReserved\": \"2024-02-25T13:44:28.316Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-28T13:00:11.615Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.