PT-2025-8125 · Linux+3 · Linux Kernel+3

Petr Machata

Published

2022-03-17

Updated

2025-09-29

CVE-2022-49197

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A shift out of bounds issue in the group mask calculation of the af netlink component has been identified. When a netlink message is received, the nl groups field, which carries the multicast group on which the message was received, can lead to out-of-bounds shift attempts if the group number exceeds 32. This can result in either a wrong non-zero value or zero being set in the nl groups field. To determine membership in groups 32 or higher, userspace should use nl pktinfo control messages, enabled by the NETLINK PKTINFO socket option.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-190

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2026-03551

CVE-2022-49197

RHSA-2024:9315

RHSA-2024_9315

SUSE-SU-2025:01600-1

SUSE-SU-2025_01600-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

PT-2025-8125 · Linux+3 · Linux Kernel+3

CVE-2022-49197

Weakness Enumeration

Related Identifiers

Affected Products

References · 245