PT-2025-8302 · Linux+2 · Linux Kernel+2

Dan Carpenter

Published

2025-02-26

Updated

2025-04-14

CVE-2022-49368

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A resolved issue in the Linux kernel involves an out of bounds read in the mtk hwlro get fdir entry() function. The fsp->location variable, which comes from the user via the ethtool get rxnfc() function, is not properly validated, leading to a potential out of bounds read. This issue can be mitigated by checking the validity of the fsp->location variable to prevent such reads.

Recommendations For the Linux kernel, ensure that the fsp->location variable is validated to prevent out of bounds reads in the mtk hwlro get fdir entry() function. As a temporary workaround, consider adding input validation for the ethtool get rxnfc() function to restrict potentially malicious user input.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2022-49368

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8302 · Linux+2 · Linux Kernel+2

CVE-2022-49368

Weakness Enumeration

Related Identifiers

Affected Products

References · 1333