CVE-2022-49226
MEDIUM EPSS 15.8%
Published Feb 26, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

net: asix: add proper error handling of usb read errors

Syzbot once again hit uninit value in asix driver. The problem is still the same -- asix_read_cmd() reads fewer bytes than was requested by caller.

Since all read requests are performed via asix_read_cmd(), let's catch usb related error there and add __must_check notation to be sure all callers actually check return value.

So, this patch adds sanity check inside asix_read_cmd() that simply checks if bytes read are not less than was requested, and adds missing error handling of asix_read_cmd() all across the driver code.
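The short-read check the description refers to, modeled in userspace C as an added example (this is not the kernel patch or the driver's code). `mock_usb_read`, `read_cmd_checked`, `read_mac`, the `MUST_CHECK` macro, the reply bytes and the `-EIO` return value are assumptions of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace equivalent of the kernel's __must_check annotation. */
#define MUST_CHECK __attribute__((warn_unused_result))

/* Constructed stand-in for the USB transfer: the device supplies only
 * `avail` bytes. Returns the number of bytes actually written to buf. */
static int mock_usb_read(void *buf, size_t size, size_t avail)
{
    static const uint8_t reply[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
    size_t n = size < avail ? size : avail;

    if (n > sizeof(reply))
        n = sizeof(reply);
    memcpy(buf, reply, n);
    return (int)n;
}

/* Hypothetical checked wrapper: a short read is an error, not a success.
 * -EIO is this example's choice of error code. */
static int MUST_CHECK read_cmd_checked(void *buf, size_t size, size_t avail)
{
    int ret = mock_usb_read(buf, size, avail);

    if (ret < 0)
        return ret;
    if ((size_t)ret < size)
        return -EIO;    /* the tail of buf was never written */
    return ret;
}

/* Caller reads a 6-byte MAC and propagates the failure instead of
 * consuming a partly filled buffer. */
static int read_mac(uint8_t mac[6], size_t avail)
{
    int ret = read_cmd_checked(mac, 6, avail);
    return ret < 0 ? ret : 0;
}

int main(void)
{
    uint8_t mac[6];
    printf("full reply:  %d\n", read_mac(mac, 6));
    printf("short reply: %d\n", read_mac(mac, 2));
    return 0;
}
```

With the annotation in place, a caller that discards the return value of `read_cmd_checked` draws a compiler warning, which is the role `__must_check` plays for `asix_read_cmd()` in the description.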
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
15.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/662ff765470ad0d11a1153d6d8e99d69a98e60b4
- git.kernel.org https://git.kernel.org/stable/c/920a9fa27e7805499cfe78491b36fed2322c02ec
- git.kernel.org https://git.kernel.org/stable/c/9ea8d2fca8fea3b17005b4dc02f8ef15f7a2fb97
- git.kernel.org https://git.kernel.org/stable/c/b96a7265f763b37ff3138b9ca8122a950f13b00e
Remediation
- git.kernel.org https://git.kernel.org/stable/c/662ff765470ad0d11a1153d6d8e99d69a98e60b4
- git.kernel.org https://git.kernel.org/stable/c/920a9fa27e7805499cfe78491b36fed2322c02ec
- git.kernel.org https://git.kernel.org/stable/c/9ea8d2fca8fea3b17005b4dc02f8ef15f7a2fb97
- git.kernel.org https://git.kernel.org/stable/c/b96a7265f763b37ff3138b9ca8122a950f13b00e