cve-2022-49862
Vulnerability from cvelistv5
Published
2025-05-01 14:10
Modified
2025-05-04 12:45
Severity ?
Summary
tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/082707d3df191bf5bb8801d43e4ce3dea39ca173
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c075b192fe41030457cd4a5f7dea730412bca40
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/301caa06091af4d5cf056ac8249cbda4e6029c6a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/36769b9477491a7af6635863bd950309c1e1b96c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/55a253a6753a603e80b95932ca971ba514aa6ce7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6cee2c60bd168279852ac7dbe54c2b70d1028644
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a0ead1d648df9c456baec832b494513ef405949a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f31dd158580940938f77514b87337a777520185a
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/netlink_compat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "082707d3df191bf5bb8801d43e4ce3dea39ca173",
              "status": "affected",
              "version": "4c559fb7e111077b56f62ccf833a52d8169cde19",
              "versionType": "git"
            },
            {
              "lessThan": "a0ead1d648df9c456baec832b494513ef405949a",
              "status": "affected",
              "version": "2aae1723dea1235ffef183daf0694805297424f6",
              "versionType": "git"
            },
            {
              "lessThan": "55a253a6753a603e80b95932ca971ba514aa6ce7",
              "status": "affected",
              "version": "2d5fc1d492d194aa2986c5a9d8a48a60e9143a72",
              "versionType": "git"
            },
            {
              "lessThan": "36769b9477491a7af6635863bd950309c1e1b96c",
              "status": "affected",
              "version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
              "versionType": "git"
            },
            {
              "lessThan": "f31dd158580940938f77514b87337a777520185a",
              "status": "affected",
              "version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
              "versionType": "git"
            },
            {
              "lessThan": "301caa06091af4d5cf056ac8249cbda4e6029c6a",
              "status": "affected",
              "version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
              "versionType": "git"
            },
            {
              "lessThan": "6cee2c60bd168279852ac7dbe54c2b70d1028644",
              "status": "affected",
              "version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
              "versionType": "git"
            },
            {
              "lessThan": "1c075b192fe41030457cd4a5f7dea730412bca40",
              "status": "affected",
              "version": "974cb0e3e7c963ced06c4e32c5b2884173fa5e01",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c25352f9ad5dffb4de95069e67891e2aa2e99e50",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5486e8d46560ca2b4d86cbd7d3a66d9913b2ac65",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/netlink_compat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.334",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.267",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.334",
                  "versionStartIncluding": "4.9.152",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.300",
                  "versionStartIncluding": "4.14.95",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.267",
                  "versionStartIncluding": "4.19.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.225",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.155",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.79",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.9",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.172",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.20.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix the msg-\u003ereq tlv len check in tipc_nl_compat_name_table_dump_header\n\nThis is a follow-up for commit 974cb0e3e7c9 (\"tipc: fix uninit-value\nin tipc_nl_compat_name_table_dump\") where it should have type casted\nsizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative\nvalue.\n\nsyzbot reported a call trace because of it:\n\n  BUG: KMSAN: uninit-value in ...\n   tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934\n   __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238\n   tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321\n   tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324\n   genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\n   genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]\n   genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792\n   netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501\n   genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803\n   netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n   netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345\n   netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921\n   sock_sendmsg_nosec net/socket.c:714 [inline]\n   sock_sendmsg net/socket.c:734 [inline]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:45:17.323Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/082707d3df191bf5bb8801d43e4ce3dea39ca173"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0ead1d648df9c456baec832b494513ef405949a"
        },
        {
          "url": "https://git.kernel.org/stable/c/55a253a6753a603e80b95932ca971ba514aa6ce7"
        },
        {
          "url": "https://git.kernel.org/stable/c/36769b9477491a7af6635863bd950309c1e1b96c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f31dd158580940938f77514b87337a777520185a"
        },
        {
          "url": "https://git.kernel.org/stable/c/301caa06091af4d5cf056ac8249cbda4e6029c6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6cee2c60bd168279852ac7dbe54c2b70d1028644"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c075b192fe41030457cd4a5f7dea730412bca40"
        }
      ],
      "title": "tipc: fix the msg-\u003ereq tlv len check in tipc_nl_compat_name_table_dump_header",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49862",
    "datePublished": "2025-05-01T14:10:15.742Z",
    "dateReserved": "2025-05-01T14:05:17.236Z",
    "dateUpdated": "2025-05-04T12:45:17.323Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49862\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:11.097\",\"lastModified\":\"2025-05-02T13:52:51.693\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: fix the msg-\u003ereq tlv len check in tipc_nl_compat_name_table_dump_header\\n\\nThis is a follow-up for commit 974cb0e3e7c9 (\\\"tipc: fix uninit-value\\nin tipc_nl_compat_name_table_dump\\\") where it should have type casted\\nsizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative\\nvalue.\\n\\nsyzbot reported a call trace because of it:\\n\\n  BUG: KMSAN: uninit-value in ...\\n   tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934\\n   __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238\\n   tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321\\n   tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324\\n   genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\\n   genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]\\n   genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792\\n   netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501\\n   genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803\\n   netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\\n   netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345\\n   netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921\\n   sock_sendmsg_nosec net/socket.c:714 [inline]\\n   sock_sendmsg net/socket.c:734 [inline]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: corrige la comprobaci\u00f3n de longitud del tlv msg-\u0026gt;req en tipc_nl_compat_name_table_dump_header Este es un seguimiento del commit 974cb0e3e7c9 (\\\"tipc: corrige uninit-value en tipc_nl_compat_name_table_dump\\\") donde deber\u00eda haber convertido el tipo sizeof(..) a int para que funcione cuando TLV_GET_DATA_LEN() devuelve un valor negativo. syzbot inform\u00f3 un seguimiento de llamadas debido a esto: ERROR: KMSAN: valor no inicializado en ... tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934 __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238 tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321 tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline] genl_family_rcv_msg net/netlink/genetlink.c:775 [inline] genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792 netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501 genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] \"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/082707d3df191bf5bb8801d43e4ce3dea39ca173\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1c075b192fe41030457cd4a5f7dea730412bca40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/301caa06091af4d5cf056ac8249cbda4e6029c6a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/36769b9477491a7af6635863bd950309c1e1b96c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/55a253a6753a603e80b95932ca971ba514aa6ce7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6cee2c60bd168279852ac7dbe54c2b70d1028644\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a0ead1d648df9c456baec832b494513ef405949a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f31dd158580940938f77514b87337a777520185a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.