CVE-2022-49368

HIGH EPSS 17.1%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() The "fsp->location" variable comes from user via ethtool_get_rxnfc(). Check that it is valid to prevent an out of bounds read.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
17.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥4.9  –  <4.9.318
linuxlinux_kernel*≥4.10  –  <4.14.283
linuxlinux_kernel*≥4.15  –  <4.19.247
linuxlinux_kernel*≥4.20  –  <5.4.198
linuxlinux_kernel*≥5.5  –  <5.10.122
linuxlinux_kernel*≥5.11  –  <5.15.47
linuxlinux_kernel*≥5.16  –  <5.17.15
linuxlinux_kernel*≥5.18  –  <5.18.4

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2bd1faedb74dc2a2be3972abcd4239b75a3e7b00
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4cde554c70d7397cfa2e4116bacb4accdfb6fd48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ba81f82607ead85fe36f50869fc4f5661359ab8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/657e7174603f0aab2cdedc64ac81edffd2a87afe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71ae30662ec610b92644d13f79c78f76f17873b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b24ca1cf846273361d5bd73a35de95a486a54b6d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4f0e57ea0d867aacffad7999527e48bd4ea9293
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7e7104e2d5ddf3806a28695670f21bef471f1e1
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2bd1faedb74dc2a2be3972abcd4239b75a3e7b00
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4cde554c70d7397cfa2e4116bacb4accdfb6fd48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ba81f82607ead85fe36f50869fc4f5661359ab8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/657e7174603f0aab2cdedc64ac81edffd2a87afe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71ae30662ec610b92644d13f79c78f76f17873b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b24ca1cf846273361d5bd73a35de95a486a54b6d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b4f0e57ea0d867aacffad7999527e48bd4ea9293
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7e7104e2d5ddf3806a28695670f21bef471f1e1
    Patch