[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2022-48969":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2022-48969","In the Linux kernel, the following vulnerability has been resolved:  xen-netfront: Fix NULL sring after live migration  A NAPI is setup for each network sring to poll data to kernel The sring with source host is destroyed before live migration and new sring with target host is setup after live migration. The NAPI for the old sring is not deleted until setup new sring with target host after migration. With busy_poll/busy_read enabled, the NAPI can be polled before got deleted when resume VM.  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: xennet_poll+0xae/0xd20 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI Call Trace:  finish_task_switch+0x71/0x230  timerqueue_del+0x1d/0x40  hrtimer_try_to_cancel+0xb5/0x110  xennet_alloc_rx_buffers+0x2a0/0x2a0  napi_busy_loop+0xdb/0x270  sock_poll+0x87/0x90  do_sys_poll+0x26f/0x580  tracing_map_insert+0x1d4/0x2f0  event_hist_trigger+0x14a/0x260   finish_task_switch+0x71/0x230  __schedule+0x256/0x890  recalc_sigpending+0x1b/0x50  xen_sched_clock+0x15/0x20  __rb_reserve_next+0x12d/0x140  ring_buffer_lock_reserve+0x123/0x3d0  event_triggers_call+0x87/0xb0  trace_event_buffer_commit+0x1c4/0x210  xen_clocksource_get_cycles+0x15/0x20  ktime_get_ts64+0x51/0xf0  SyS_ppoll+0x160/0x1a0  SyS_ppoll+0x160/0x1a0  do_syscall_64+0x73/0x130  entry_SYSCALL_64_after_hwframe+0x41/0xa6 ... RIP: xennet_poll+0xae/0xd20 RSP: ffffb4f041933900 CR2: 0000000000000008 ---[ end trace f8601785b354351c ]---  xen frontend should remove the NAPIs for the old srings before live migration as the bond srings are destroyed  There is a tiny window between the srings are set to NULL and the NAPIs are disabled, It is safe as the NAPI threads are still frozen at that time",null,[],[],[],[14],{"_key":15},"CVE-2022-48969",[],[],[],"2024-10-21T20:15:09.037Z","2026-04-28T20:25:00.190093Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2022-48969",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52,55,56],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt5_10_162_1",true,"ecosystem","5.10.162-1","excluding",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},"lt6_1_4_1","6.1.4-1",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9}]