#VU104520 Out-of-bounds read in Linux kernel - CVE-2022-49592


Vulnerability identifier: #VU104520

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49592

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dwmac4_map_mtl_dma() function in drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c. A local user can trigger the error to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/508d86ead36cbd8dfb60773a33276790d668c473
https://git.kernel.org/stable/c/573768dede0e2b7de38ecbc11cb3ee47643902dc
https://git.kernel.org/stable/c/613b065ca32e90209024ec4a6bb5ca887ee70980
https://git.kernel.org/stable/c/7c687a893f5cae5ca40d189635602e93af9bab73
https://git.kernel.org/stable/c/a3ac79f38d354b10925824899cdbd2caadce55ba
https://git.kernel.org/stable/c/ad2febdfbd01e1d092a08bfdba92ede79ea05ff3
https://git.kernel.org/stable/c/e846bde09677fa3b203057846620b7ed96540f5f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

