In the Linux kernel, the following vulnerability has been resolved:net/mlx5e: Fix handling of wrong devices during bond neteventCurrent implementation of bond netevent handler only check ifthe handled netdev is VF representor and it missing a check ifthe VF representor is on the same phys device of the bond handlingthe netevent.Fix by adding the missing check and optimizing the check ifthe netdev is VF representor so it will not access uninitializedprivate data and crashes.BUG: kernel NULL pointer dereference, address: 000000000000036cPGD 0 P4D 0Oops: 0000 #1] SMP NOPTIWorkqueue: eth3bond0 bond_mii_monitor [bonding]RIP: 0010:mlx5e_is_uplink_rep+0xc/0x50 [mlx5_core]RSP: 0018:ffff88812d69fd60 EFLAGS: 00010282RAX: 0000000000000000 RBX: ffff8881cf800000 RCX: 0000000000000000RDX: ffff88812d69fe10 RSI: 000000000000001b RDI: ffff8881cf800880RBP: ffff8881cf800000 R08: 00000445cabccf2b R09: 0000000000000008R10: 0000000000000004 R11: 0000000000000008 R12: ffff88812d69fe10R13: 00000000fffffffe R14: ffff88820c0f9000 R15: 0000000000000000FS: 0000000000000000(0000) GS:ffff88846fb00000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 000000000000036c CR3: 0000000103d80006 CR4: 0000000000370ea0DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400Call Trace: mlx5e_eswitch_uplink_rep+0x31/0x40 [mlx5_core] mlx5e_rep_is_lag_netdev+0x94/0xc0 [mlx5_core] mlx5e_rep_esw_bond_netevent+0xeb/0x3d0 [mlx5_core] raw_notifier_call_chain+0x41/0x60 call_netdevice_notifiers_info+0x34/0x80 netdev_lower_state_changed+0x4e/0xa0 bond_mii_monitor+0x56b/0x640 [bonding] process_one_work+0x1b9/0x390 worker_thread+0x4d/0x3d0 ? rescuer_thread+0x350/0x350 kthread+0x124/0x150 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x1f/0x30 CREATE(Triage):(User=admin) [CVE-2022-48746 (https://nvd.nist.gov/vuln/detail/CVE-2022-48746)
