Integer underflow in Linux kernel - CVE-2022-49208
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104797
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49208
CWE-ID: CWE-191
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the irdma_sc_qp_create(), irdma_sc_cq_create(), irdma_sc_ceq_init() and irdma_sc_ccq_init() functions in drivers/infiniband/hw/irdma/ctrl.c. A local user can execute arbitrary code.
How to mitigate CVE-2022-49208
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/6f6dbb819dfc1a35bcb8b709b5c83a3ea8beff75
- https://git.kernel.org/stable/c/7340c3675d7ac946f4019b84cd7c64ed542dfe4c
- https://git.kernel.org/stable/c/d52dab6e03550f9c97121b0c11c0a3ed78ee76a4
- https://git.kernel.org/stable/c/f21056f15bbeacab7b4b87af232f5599d1f2bff1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.19