PT-2025-8661 · Linux+5 · Linux Kernel+5

Hulk Robot · Published 2022-01-01 · Updated 2025-07-18 · CVE-2022-49728

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.16.0

Description

A signed integer overflow has been identified in the Linux kernel, in the `ip6_append_data` function. It occurs when the length variable exceeds the maximum value that a signed `int` can represent. The fix changes the type of the length variable to `size_t`, which is an unsigned type. The issue was detected by UBSAN (Undefined Behavior Sanitizer), which reported a signed integer overflow warning.

Recommendations

For Linux kernel versions prior to 5.16.0, update to version 5.16.0 or later to resolve the issue. As a temporary workaround, consider applying the patch that changes the length variable type to `size_t` to prevent the signed integer overflow.
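The type change described above, shown as a simplified user-space model. This is an added example, not kernel code and not the upstream patch. The function names, the `MODEL_*` constants, the sample lengths and the bound check in `checked_total` are all assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed values for this model; they are not kernel constants. */
#define MODEL_HDR_LEN   40u
#define MODEL_MAX_TOTAL 65535u

/* "Before": the length is a signed int. Reports whether length + hdr
 * cannot be represented in int, the condition UBSAN warns about.
 * The builtin checks without executing the undefined addition. */
bool signed_sum_overflows(int length, int hdr)
{
    int sum;
    return __builtin_add_overflow(length, hdr, &sum);
}

/* "After": the length is size_t, so the addition is well defined. */
size_t unsigned_sum(size_t length, size_t hdr)
{
    return length + hdr;
}

/* Assumed caller-side bound (not from the advisory): reject totals above
 * MODEL_MAX_TOTAL, comparing before adding so nothing can wrap. */
int checked_total(size_t length, size_t hdr, size_t *total)
{
    if (hdr > MODEL_MAX_TOTAL || length > MODEL_MAX_TOTAL - hdr)
        return -1;
    *total = length + hdr;
    return 0;
}

int main(void)
{
    int big = INT_MAX - 8;   /* constructed oversized request */
    size_t total = 0;

    printf("int:    %d + %u overflows: %s\n", big, MODEL_HDR_LEN,
           signed_sum_overflows(big, MODEL_HDR_LEN) ? "yes" : "no");
    printf("size_t: sum = %zu\n", unsigned_sum((size_t)big, MODEL_HDR_LEN));
    printf("bound check on oversized length: %d\n",
           checked_total((size_t)big, MODEL_HDR_LEN, &total));
    printf("bound check on 1400: %d\n",
           checked_total(1400, MODEL_HDR_LEN, &total));
    return 0;
}
```

`__builtin_add_overflow` is a GCC/Clang builtin; building the signed variant with a plain `+` and `-fsanitize=signed-integer-overflow` produces the same class of UBSAN report the description mentions.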

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

AZL-58045
BDU:2026-02628
CVE-2022-49728
DLA-4178-1
SUSE-SU-2025:01600-1
SUSE-SU-2025:01983-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_01983-1
USN-7591-1
USN-7591-2
USN-7591-3
USN-7591-4
USN-7591-5
USN-7591-6
USN-7592-1
USN-7593-1
USN-7597-1
USN-7597-2
USN-7598-1
USN-7602-1
USN-7655-1

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
SUSE
Ubuntu