CVE-2022-50710

Vulnerability

Overview

CVE-2022-50710 is a NULL pointer dereference vulnerability in the Linux kernel's Intel Ethernet Connection (ice) driver. The root cause is that when a user changes the number of transmit queues via ethtool, the driver allocates new Tx rings using kcalloc, which zeroes the memory. However, the tx_tstamps field within the ring structure is not explicitly initialized. This leaves tx_tstamps as NULL, and any subsequent attempt to use the ring for hardware transmit timestamping will dereference this NULL pointer, causing a kernel crash [1][2].

Exploitation

Conditions

An attacker would need the ability to trigger a reconfiguration of the network queues via ethtool on a system using the ice driver. This typically requires local access with sufficient privileges (e.g., CAP_NET_ADMIN) to run ethtool commands. The attack surface is limited to systems where the ice driver is in use and where an unprivileged or malicious user can invoke the queue change operation. No network-based exploitation is possible; the vulnerability is triggered locally through a legitimate administrative interface.

Impact

Successful exploitation results in a denial of service (DoS) through a kernel NULL pointer dereference, leading to a system crash or hang. The impact is limited to availability; there is no evidence of privilege escalation or data corruption from this bug. The vulnerability affects the ice driver in the Linux kernel prior to the inclusion of the fix commits.

Mitigation

The fix was applied in the Linux kernel stable tree via commits [1] and [2], which ensure that tx_tstamps is properly initialized when new Tx rings are allocated. Users should update to a kernel version containing these commits. No workaround is available other than avoiding the use of ethtool to change queue counts on affected systems.