CVE-2022-50877
Use-After-Free and Race Condition in Linux bcm4908_enet Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | bcm4908_enet | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's Broadcom bcm4908_enet driver involves incorrect handling of transmission statistics and a potential race condition. Specifically, the driver was updating TX (transmit) statistics before the hardware actually confirmed the transmission of packets, which could lead to inaccurate stats. Additionally, there was a possible race condition and NULL pointer dereference where the function bcm4908_enet_start_xmit() might access a socket buffer (skb) after it had already been freed by bcm4908_enet_poll_tx(). The fix updates TX stats only after hardware confirms transmission and addresses the race and NULL dereference issues.
How can this vulnerability impact me? :
This vulnerability can lead to inaccurate transmission statistics, which may affect network monitoring and diagnostics. The race condition and NULL pointer dereference could potentially cause kernel crashes or instability, impacting system reliability and availability.