CVE-2022-50651

Vulnerability

Overview

The Linux kernel's ethtool subsystem for dumping EEPROM data via ethtool contains a null-pointer dereference flaw. The function responsible for handling the dump operations fails to properly validate the genl_info pointer before using it, mirroring a similar issue previously fixed in the PSE-PD dump handler [1]. This oversight means that under specific conditions, the pointer can be NULL, leading to a kernel crash when the code attempts to access its members.

Exploitation

An attacker with local access and the ability to send crafted netlink messages to the ethtool interface can trigger this vulnerability. No special privileges beyond basic user access are required to initiate the dump operation that hits the vulnerable code path. The attack surface is limited to local users, as the ethtool netlink interface is not exposed remotely.

Impact

Successful exploitation results in a kernel NULL-pointer dereference, causing a system crash (denial of service). This can be used to disrupt services or force a reboot. There is no evidence of privilege escalation or code execution from this bug.

Mitigation

The fix has been applied in the Linux kernel stable tree as commit 9d9effca9d7d [1]. Users should update to a kernel version containing this commit or a later stable release that includes the backport. No workaround is available; the only mitigation is to apply the patch.