CVE-2022-49993

MEDIUM · EPSS 10.6% · 5.5 CVSS 3.1
Published Jun 18, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

loop: Check for overflow while configuring loop

The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the offset.

loop_device has lo_offset of type loff_t (see line 52 of loop.c), which is typedef-chained to long long, whereas loop_info64 has lo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h).

The function directly copies offset from info to the device as follows (See line 980 of loop.c):

    lo->lo_offset = info->lo_offset;

This results in an overflow, which triggers a warning in iomap_iter() due to a call to iomap_iter_done() which has:

    WARN_ON_ONCE(iter->iomap.offset > iter->pos);

Thus, check for negative value during loop_set_status_from_info().

Bug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e
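The signed/unsigned mismatch described above, shown as an added example: this is a userspace model written for this page, not the kernel's code or the upstream patch. The struct and function names are hypothetical, and the -EOVERFLOW return code is an assumption of the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not kernel code; all names here are hypothetical. */
struct model_info64 { uint64_t lo_offset; };   /* stands in for loop_info64 (__u64) */
struct model_device { long long lo_offset; };  /* stands in for loop_device (loff_t) */

/* Unchecked copy, mirroring the assignment quoted in the description.
 * On two's-complement GCC/Clang targets, values above LLONG_MAX wrap
 * and land in the signed field as negative numbers. */
static int set_status_unchecked(struct model_device *lo, const struct model_info64 *info)
{
    lo->lo_offset = (long long)info->lo_offset;
    return 0;
}

/* Checked copy: refuse any offset that would be negative as a long long
 * and leave the device untouched. -EOVERFLOW is this example's choice. */
static int set_status_checked(struct model_device *lo, const struct model_info64 *info)
{
    if (info->lo_offset > (uint64_t)LLONG_MAX)
        return -EOVERFLOW;
    lo->lo_offset = (long long)info->lo_offset;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a normal offset, the largest valid one,
     * the first invalid one, and all-ones. */
    const uint64_t samples[] = { 4096, (uint64_t)LLONG_MAX,
                                 (uint64_t)LLONG_MAX + 1, UINT64_MAX };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct model_info64 info = { samples[i] };
        struct model_device a = { 0 }, b = { 0 };
        set_status_unchecked(&a, &info);
        int rc = set_status_checked(&b, &info);
        printf("in=%llu unchecked=%lld checked_rc=%d\n",
               (unsigned long long)samples[i], a.lo_offset, rc);
    }
    return 0;
}
```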

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        <4.9.327
linux   linux_kernel  *        ≥4.10 – <4.14.292
linux   linux_kernel  *        ≥4.15 – <4.19.312
linux   linux_kernel  *        ≥4.20 – <5.4.274
linux   linux_kernel  *        ≥5.5 – <5.10.140
linux   linux_kernel  *        ≥5.11 – <5.15.64
linux   linux_kernel  *        ≥5.16 – <5.19.6
linux   linux_kernel  6.0      any
linux   linux_kernel  6.0      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0455bef69028c65065f16bb04635591b2374249b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/18e28817cb516b39de6281f6db9b0618b2cc7b42
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6858933131d0dadac071c4d33335a9ea4b8e76cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9be7fa7ead18a48940df7b59d993bbc8b9055c15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a217715338fd48f72114725aa7a40e484a781ca7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adf0112d9b8acb03485624220b4934f69bf13369
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b40877b8562c5720d0a7fce20729f56b75a3dede
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c490a0b5a4f36da3918181a8acdc6991d967c5f3
    Patch
