CVE-2022-48883 in Linux
Summary
by MITRE • 08/21/2024
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
A user is able to configure an arbitrary number of rx queues when creating an interface via netlink. This doesn't work for child PKEY interfaces because the child interface uses the parent receive channels.
Although the child shares the parent's receive channels, the number of rx queues is important for the channel_stats array: the parent's rx channel index is used to access the child's channel_stats. So the array has to be at least as large as the parent's rx queue size for the counting to work correctly and to prevent out of bound accesses.
This patch checks for the mentioned scenario and returns an error when trying to create the interface. The error is propagated to the user.
Analysis
by VulDB Data Team • 02/17/2026
The vulnerability described in CVE-2022-48883 resides within the Linux kernel's mlx5e network driver implementation, specifically affecting IP over InfiniBand (IPoIB) interfaces. This issue manifests in the management of receive queue configurations for parent and child PKEY interfaces on Mellanox ConnectX-5 and newer network adapters. The flaw occurs when a user attempts to create child PKEY interfaces with fewer receive queues than their parent interface, creating a fundamental mismatch in the underlying channel statistics array management. The vulnerability represents a classic buffer over-read condition that can lead to system instability and potential privilege escalation, as the kernel's network subsystem fails to properly validate queue allocation parameters during interface creation.
The technical root cause stems from improper validation of receive queue configurations in the mlx5e driver's IPoIB implementation. When a user creates a PKEY child interface, the system should maintain consistency between parent and child queue configurations to ensure proper channel statistics tracking. However, the driver does not reject child interfaces that have fewer receive queues than their parent, leading to a scenario where the parent's channel index is used to access the child's smaller channel_stats array. This creates an out-of-bounds memory access pattern that violates the fundamental principle of array bounds checking and memory safety. The vulnerability is categorized under CWE-129 (Improper Validation of Array Index), specifically manifesting as an out-of-bounds read condition. The issue directly impacts the kernel's memory management and channel statistics tracking mechanisms, which are critical for network performance monitoring and resource allocation.
The operational impact of this vulnerability extends beyond simple memory corruption, potentially allowing attackers to exploit the out-of-bounds access for privilege escalation or system denial of service. When an attacker creates a malformed PKEY interface with insufficient receive queues, the kernel's channel_stats array access becomes invalid, potentially leading to memory corruption that could be leveraged to execute arbitrary code with kernel privileges. This represents a significant concern in environments where unprivileged users can create network interfaces, as it provides a potential attack vector for privilege escalation. The vulnerability affects systems using Mellanox ConnectX-5 and newer hardware, particularly those running kernel versions where the mlx5e driver handles IPoIB interface creation. The attack surface is broadened by the fact that this issue can be exploited through standard network configuration interfaces, making it accessible to users with basic system access rights.
Mitigation strategies for CVE-2022-48883 focus on implementing proper validation within the kernel's network subsystem to prevent inconsistent queue configurations during interface creation. The patched solution enforces a validation check that prevents creation of child PKEY interfaces with fewer receive queues than their parent, returning an appropriate error code to the user-space application. This approach aligns with the principle of least privilege and input validation as outlined in the MITRE ATT&CK framework's privilege escalation techniques. System administrators should ensure their kernels are updated to versions containing the patch, specifically addressing the mlx5e driver's IPoIB interface creation logic. Additionally, monitoring network interface creation events and implementing proper access controls for network configuration operations can help detect and prevent exploitation attempts. The fix essentially implements a boundary check validation mechanism that prevents the invalid array access pattern, demonstrating the importance of proper resource management and input validation in kernel space operations.
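The creation-time check described above, as a simplified user-space model in C. This is an added example, not the mlx5e driver's code; the struct, the function names and the queue counts are hypothetical and chosen only to show why the child's channel_stats array must cover every parent rx channel index.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model. All names are hypothetical, not the driver's. */
struct model_netdev {
    unsigned int num_rx_queues;    /* rx queue count requested at creation */
    unsigned long *channel_stats;  /* one counter slot per rx queue */
};

/* Creation-time check: a child whose channel_stats array is smaller than the
 * parent's rx queue count is refused, and the error goes back to the caller. */
int model_child_init(struct model_netdev *child,
                     const struct model_netdev *parent,
                     unsigned int rx_queues)
{
    if (rx_queues < parent->num_rx_queues)
        return -EINVAL;
    child->channel_stats = calloc(rx_queues, sizeof(*child->channel_stats));
    if (!child->channel_stats)
        return -ENOMEM;
    child->num_rx_queues = rx_queues;
    return 0;
}

/* Receive path: traffic arrives on one of the parent's channels, and that
 * parent channel index selects the slot in the child's channel_stats. */
int model_count_rx(struct model_netdev *child, unsigned int parent_ch_ix)
{
    if (parent_ch_ix >= child->num_rx_queues)
        return -ERANGE;  /* model-only guard, not reached for valid parent channels */
    child->channel_stats[parent_ch_ix]++;
    return 0;
}

int main(void)
{
    struct model_netdev parent = { .num_rx_queues = 8 };  /* constructed values */
    struct model_netdev child = { 0 };

    printf("child with 4 rx queues: %d\n", model_child_init(&child, &parent, 4));
    printf("child with 8 rx queues: %d\n", model_child_init(&child, &parent, 8));
    for (unsigned int ix = 0; ix < parent.num_rx_queues; ix++)
        model_count_rx(&child, ix);  /* every parent index is now in bounds */
    printf("stats[7] = %lu\n", child.channel_stats[7]);
    free(child.channel_stats);
    return 0;
}
```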