PT-2025-8411 · Linux+2 · Linux Kernel+2

Syzbot · Published 2025-02-26 · Updated 2025-05-20 · CVE-2022-49478

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability has been identified in the pvrusb2 media module of the Linux kernel: an array-index-out-of-bounds error in pvr2_i2c_core_init(). hdw->unit_number is initialized to -1, and if the initialization table walk fails, this value remains unchanged. The code then uses this member as an array index without validating it, which produces the out-of-bounds access. The problem was reported by Syzbot.

Recommendations

Apply the fix that adds a sanity check to prevent the array-index-out-of-bounds error in pvr2_i2c_core_init(). The fix also moves the hdw->workpoll initialization to prevent warnings in __flush_work().
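
The pattern described above, as a simplified user-space model added here for illustration; it is not the kernel's code or the upstream patch. The names hdw_model, MAX_UNITS, unit_option, claim_unit and i2c_core_init_checked are hypothetical, and the model assumes the table walk fails because no slot is free.

```c
#include <stddef.h>

#define MAX_UNITS 4                    /* assumed table size, not the driver's */

/* Per-unit option table indexed by unit number (constructed values). */
static const int unit_option[MAX_UNITS] = { 1, 1, 0, 1 };
static void *unit_slots[MAX_UNITS];    /* non-NULL means the slot is taken */

struct hdw_model {
    int unit_number;                   /* stays -1 until a slot is claimed */
    int option;
};

/* Table walk: claim the first free slot. On failure unit_number stays -1. */
static void claim_unit(struct hdw_model *hdw)
{
    hdw->unit_number = -1;
    for (int i = 0; i < MAX_UNITS; i++) {
        if (unit_slots[i] == NULL) {
            unit_slots[i] = hdw;
            hdw->unit_number = i;
            return;
        }
    }
}

/* Hardened init: validate the index before it touches the table.
 * Without this range check, unit_number == -1 would read unit_option[-1]. */
static int i2c_core_init_checked(struct hdw_model *hdw)
{
    if (hdw->unit_number < 0 || hdw->unit_number >= MAX_UNITS)
        return -1;                     /* refuse to index with the sentinel */
    hdw->option = unit_option[hdw->unit_number];
    return 0;
}

/* Fill every slot, then attach one more device and return its init result. */
static int attach_when_table_full(void)
{
    static struct hdw_model devs[MAX_UNITS + 1];
    for (int i = 0; i < MAX_UNITS; i++)
        unit_slots[i] = NULL;
    for (int i = 0; i <= MAX_UNITS; i++)
        claim_unit(&devs[i]);
    return i2c_core_init_checked(&devs[MAX_UNITS]);
}

int main(void) { return attach_when_table_full() == -1 ? 0 : 1; }
```

The check has to cover both bounds: the sentinel is negative, so an upper-bound test alone would let it through.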

Exploit

Fix

Weakness Enumeration

Improper Validation of Array Index

Related Identifiers

CVE-2022-49478
OESA-2025-1370
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:01600-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
Linux Kernel
Suse