Bug 1227970 (CVE-2022-48807)

Summary: VUL-0: CVE-2022-48807: kernel: ice: fix KASAN error in LAG NETDEV_UNREGISTER handler
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: camila.matos, meissner, miroslav.franc
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/414236/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-48807:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1228024    

Description SMASH SMASH 2024-07-16 17:57:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler

Currently, the same handler is called for both a NETDEV_BONDING_INFO
LAG unlink notification as for a NETDEV_UNREGISTER call.  This is
causing a problem though, since the netdev_notifier_info passed has
a different structure depending on which event is passed.  The problem
manifests as a call trace from a BUG: KASAN stack-out-of-bounds error.

Fix this by creating a handler specific to NETDEV_UNREGISTER that only
is passed valid elements in the netdev_notifier_info struct for the
NETDEV_UNREGISTER event.

Also included is the removal of an unbalanced dev_put on the peer_netdev
and related braces.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48807
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2022/CVE-2022-48807.mbox
https://git.kernel.org/stable/c/f9daedc3ab8f673e3a9374b91a89fbf1174df469
https://git.kernel.org/stable/c/faa9bcf700ca1a0d09f92502a6b65d3ce313fb46
https://git.kernel.org/stable/c/bea1898f65b9b7096cb4e73e97c83b94718f1fa1
https://www.cve.org/CVERecord?id=CVE-2022-48807