Input validation error in Linux kernel - CVE-2022-49226
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104726
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49226
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ax88772_bind() and ax88178_reset() functions in drivers/net/usb/asix_devices.c, within the asix_read_cmd(), asix_check_host_enable() and asix_mdio_read_nopm() functions in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2022-49226
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/662ff765470ad0d11a1153d6d8e99d69a98e60b4
- https://git.kernel.org/stable/c/920a9fa27e7805499cfe78491b36fed2322c02ec
- https://git.kernel.org/stable/c/9ea8d2fca8fea3b17005b4dc02f8ef15f7a2fb97
- https://git.kernel.org/stable/c/b96a7265f763b37ff3138b9ca8122a950f13b00e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33