CVE-2022-49368: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() The "fsp->location" variable comes from user via ethtool_get_rxnfc(). Check that it is valid to prevent an out of bounds read.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=4.9<4.9.318 | |
| Linux Kernel | >=4.10<4.14.283 | |
| Linux Kernel | >=4.15<4.19.247 | |
| Linux Kernel | >=4.20<5.4.198 | |
| Linux Kernel | >=5.5<5.10.122 | |
| Linux Kernel | >=5.11<5.15.47 | |
| Linux Kernel | >=5.16<5.17.15 | |
| Linux Kernel | >=5.18<5.18.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/b4f0e57ea0d867aacffad7999527e48bd4ea9293
- https://git.kernel.org/stable/c/5ba81f82607ead85fe36f50869fc4f5661359ab8
- https://git.kernel.org/stable/c/657e7174603f0aab2cdedc64ac81edffd2a87afe
- https://git.kernel.org/stable/c/2bd1faedb74dc2a2be3972abcd4239b75a3e7b00
- https://git.kernel.org/stable/c/71ae30662ec610b92644d13f79c78f76f17873b3
- https://git.kernel.org/stable/c/b24ca1cf846273361d5bd73a35de95a486a54b6d
- https://git.kernel.org/stable/c/4cde554c70d7397cfa2e4116bacb4accdfb6fd48
- https://git.kernel.org/stable/c/0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8
- https://git.kernel.org/stable/c/e7e7104e2d5ddf3806a28695670f21bef471f1e1
Frequently Asked Questions
What is the severity of CVE-2022-49368?
CVE-2022-49368 is classified as a medium severity vulnerability due to potential out of bounds read that can compromise system integrity.
How do I fix CVE-2022-49368?
To fix CVE-2022-49368, you should upgrade the Linux kernel to a version that addresses the vulnerability, as indicated in the latest security patches.
Which versions are affected by CVE-2022-49368?
CVE-2022-49368 affects specific versions of the Linux kernel between 4.9 and up to 5.18, excluding patched versions.
What does CVE-2022-49368 specifically impact?
CVE-2022-49368 specifically impacts the MTK Ethernet driver in the Linux kernel, which can lead to out of bounds read upon erroneous user input.
Is there a workaround for CVE-2022-49368?
While the best approach is to apply the kernel updates, temporarily disabling the affected features may mitigate the risks associated with CVE-2022-49368.
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/type
- agent/title
- agent/references
- agent/source
- agent/author
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.9
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.18