{ "threat_severity" : "Moderate", "public_date" : "2025-02-26T00:00:00Z", "bugzilla" : { "description" : "kernel: veth: Ensure eth header is in skb's linear part", "id" : "2348115", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2348115" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nveth: Ensure eth header is in skb's linear part\nAfter feeding a decapsulated packet to a veth device with act_mirred,\nskb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),\nwhich expects at least ETH_HLEN byte of linear data (as\n__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes\nunconditionally).\nUse pskb_may_pull() to ensure veth_xmit() respects this constraint.\nkernel BUG at include/linux/skbuff.h:2328!\nRIP: 0010:eth_type_trans+0xcf/0x140\nCall Trace:\n\n__dev_forward_skb2+0xe3/0x160\nveth_xmit+0x6e/0x250 [veth]\ndev_hard_start_xmit+0xc7/0x200\n__dev_queue_xmit+0x47f/0x520\n? skb_ensure_writable+0x85/0xa0\n? skb_mpls_pop+0x98/0x1c0\ntcf_mirred_act+0x442/0x47e [act_mirred]\ntcf_action_exec+0x86/0x140\nfl_classify+0x1d8/0x1e0 [cls_flower]\n? dma_pte_clear_level+0x129/0x1a0\n? dma_pte_clear_level+0x129/0x1a0\n? prb_fill_curr_block+0x2f/0xc0\n? skb_copy_bits+0x11a/0x220\n__tcf_classify+0x58/0x110\ntcf_classify_ingress+0x6b/0x140\n__netif_receive_skb_core.constprop.0+0x47d/0xfd0\n? __iommu_dma_unmap_swiotlb+0x44/0x90\n__netif_receive_skb_one_core+0x3d/0xa0\nnetif_receive_skb+0x116/0x170\nbe_process_rx+0x22f/0x330 [be2net]\nbe_poll+0x13c/0x370 [be2net]\n__napi_poll+0x2a/0x170\nnet_rx_action+0x22f/0x2f0\n__do_softirq+0xca/0x2a8\n__irq_exit_rcu+0xc1/0xe0\ncommon_interrupt+0x83/0xa0" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7683", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-425.3.1.el8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49066\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49066\nhttps://lore.kernel.org/linux-cve-announce/2025022654-CVE-2022-49066-bc68@gregkh/T" ], "name" : "CVE-2022-49066", "csaw" : false }