CVE-2022-48651: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48651 is a vulnerability in the Linux kernel's ipvlan driver that was discovered and disclosed on April 28, 2024. The vulnerability affects the ipvlan network driver when using AFPACKET sockets with specific configurations. When an AFPACKET socket's default xmit function is changed from devqueuexmit() to packetdirectxmit() via setsockopt() with PACKETQDISCBYPASS option, the skb->mac_header may remain unset with an initial value of 65535, potentially leading to slab-out-of-bounds bugs (Kernel Git).

The vulnerability stems from two main issues in the packet handling process: 1) packetsnd() only resets skb->macheader when sock->type is SOCKRAW and skb->protocol is not specified in packetparseheaders(), and 2) packetdirectxmit() doesn't reset skb->macheader like devqueuexmit() does. When ipvlanxmitmodel2() is called with skb->macheader set to 65535, an out-of-bound access occurs when attempting to get the mac header using ethhdr() which uses 'skb->head + skb->macheader' (NVD).

The vulnerability can lead to slab-out-of-bounds read access in the Linux kernel's ipvlan driver. This could potentially result in information disclosure or system instability. The CVSS v3.1 base score is 7.7 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating local access required but no privileges or user interaction needed (NVD).

The vulnerability has been patched by replacing ethhdr() with skbethhdr() in ipvlanxmitmodel2() and resetting mac header in multicast scenarios. The fix was implemented in the Linux kernel through commit 81225b2ea161af48e093f58e8dfee6d705b16af4 (Kernel Git).