CVE-2022-49374 (GCVE-0-2022-49374)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline] BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:644 [inline] string+0x4f9/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283 vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50 _printk+0x18d/0x1cf kernel/printk/printk.c:2293 tipc_enable_bearer net/tipc/bearer.c:371 [inline] __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033 tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline] - Do sanity check the attribute length for TIPC_NLA_BEARER_NAME. - Do not use 'illegal name' in printing message.
References
Impacted products
Vendor Product Version
Linux Linux Version: cb30a63384bc91d5da06e1cede1115f666a29271
Version: cb30a63384bc91d5da06e1cede1115f666a29271
Version: cb30a63384bc91d5da06e1cede1115f666a29271
Version: cb30a63384bc91d5da06e1cede1115f666a29271
Version: cb30a63384bc91d5da06e1cede1115f666a29271
Version: cb30a63384bc91d5da06e1cede1115f666a29271
Version: cb30a63384bc91d5da06e1cede1115f666a29271
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/bearer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f07670871f4d19e613740eebe210e7e9ea535973",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            },
            {
              "lessThan": "8b91d0dfc839e67708c905648cd0e7507a2263e5",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            },
            {
              "lessThan": "b8fac8e321044a9ac50f7185b4e9d91a7745e4b0",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            },
            {
              "lessThan": "92a930fcf4250fe961f6238b99af0bc405799f39",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            },
            {
              "lessThan": "292be63c382ce20673ee61dff1ee9ed4a3dcaae7",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            },
            {
              "lessThan": "3af15272cde28fe5c8489174b8624e232c1775ec",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            },
            {
              "lessThan": "7f36f798f89bf32c0164049cb0e3fd1af613d0bb",
              "status": "affected",
              "version": "cb30a63384bc91d5da06e1cede1115f666a29271",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/bearer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.247",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.198",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.122",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.47",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.15",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.4",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: check attribute length for bearer name\n\nsyzbot reported uninit-value:\n=====================================================\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]\nBUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725\n string_nocheck lib/vsprintf.c:644 [inline]\n string+0x4f9/0x6f0 lib/vsprintf.c:725\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\n vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283\n vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50\n _printk+0x18d/0x1cf kernel/printk/printk.c:2293\n tipc_enable_bearer net/tipc/bearer.c:371 [inline]\n __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033\n tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042\n genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\n\n- Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.\n- Do not use \u0027illegal name\u0027 in printing message."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:36:19.539Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f07670871f4d19e613740eebe210e7e9ea535973"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b91d0dfc839e67708c905648cd0e7507a2263e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8fac8e321044a9ac50f7185b4e9d91a7745e4b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/92a930fcf4250fe961f6238b99af0bc405799f39"
        },
        {
          "url": "https://git.kernel.org/stable/c/292be63c382ce20673ee61dff1ee9ed4a3dcaae7"
        },
        {
          "url": "https://git.kernel.org/stable/c/3af15272cde28fe5c8489174b8624e232c1775ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f36f798f89bf32c0164049cb0e3fd1af613d0bb"
        }
      ],
      "title": "tipc: check attribute length for bearer name",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49374",
    "datePublished": "2025-02-26T02:11:15.127Z",
    "dateReserved": "2025-02-26T02:08:31.556Z",
    "dateUpdated": "2025-05-04T08:36:19.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49374\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:14.060\",\"lastModified\":\"2025-04-14T20:37:37.157\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: check attribute length for bearer name\\n\\nsyzbot reported uninit-value:\\n=====================================================\\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]\\nBUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725\\n string_nocheck lib/vsprintf.c:644 [inline]\\n string+0x4f9/0x6f0 lib/vsprintf.c:725\\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\\n vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283\\n vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50\\n _printk+0x18d/0x1cf kernel/printk/printk.c:2293\\n tipc_enable_bearer net/tipc/bearer.c:371 [inline]\\n __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033\\n tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042\\n genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\\n\\n- Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.\\n- Do not use \u0027illegal name\u0027 in printing message.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: comprobar la longitud del atributo para el nombre del portador syzbot inform\u00f3 de un valor no inicializado: ======================================================== ERROR: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:644 [inline] string+0x4f9/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283 vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50 _printk+0x18d/0x1cf kernel/printk/printk.c:2293 tipc_enable_bearer net/tipc/bearer.c:371 [inline] __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033 tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline] - Do sanity check the attribute length for TIPC_NLA_BEARER_NAME. - Do not use \u0027illegal name\u0027 in printing message. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.17\",\"versionEndExcluding\":\"4.19.247\",\"matchCriteriaId\":\"1D618A3C-AEC5-4520-BBDB-002AC8CA3FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.198\",\"matchCriteriaId\":\"3EC49633-14DE-4EBD-BB80-76AE2E3EABB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.122\",\"matchCriteriaId\":\"1B42AA01-44D8-4572-95E6-FF8E374CF9C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.47\",\"matchCriteriaId\":\"FC042EE3-4864-4325-BE0B-4BCDBF11AA61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.17.15\",\"matchCriteriaId\":\"53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18\",\"versionEndExcluding\":\"5.18.4\",\"matchCriteriaId\":\"FA6D643C-6D6A-4821-8A8D-B5776B8F0103\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/292be63c382ce20673ee61dff1ee9ed4a3dcaae7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3af15272cde28fe5c8489174b8624e232c1775ec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7f36f798f89bf32c0164049cb0e3fd1af613d0bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8b91d0dfc839e67708c905648cd0e7507a2263e5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/92a930fcf4250fe961f6238b99af0bc405799f39\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b8fac8e321044a9ac50f7185b4e9d91a7745e4b0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f07670871f4d19e613740eebe210e7e9ea535973\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.