CVE-2022-49820

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the mctp i2c module. The issue arises when a flow is released before sending the first packet it contains, causing a mismatch between the release count and the i2c lock operation. This can lead to a release count overflow. To fix this, the kernel now only releases a flow if it has been encountered previously, and an INVALID flow state has been added to indicate when a release has been performed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.