CVE-2022-48711: Vulnerability in the Linux kernel (TIPC)
Description
In the Linux kernel, the following vulnerability has been resolved:

tipc: improve size validations for received domain records

The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology.

This patch verifies that the number of members in a received domain record does not exceed the limit defined by MAX_MON_DOMAIN, something that may otherwise lead to a stack overflow.

tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where we are reading a 32 bit message data length field into a uint16. To avert any risk of bit overflow, we add an extra sanity check for this in that function. We cannot see that happen with the current code, but future designers being unaware of this risk may introduce it by allowing delivery of very large (> 64k) sk buffers from the bearer layer.

This potential problem was identified by Eric Dumazet.

This fixes CVE-2022-0435
AI Analysis
Technical Summary
CVE-2022-48711 is the Linux kernel CNA's 2024 entry for the fix to domain record handling in the kernel's TIPC (Transparent Inter-Process Communication) link monitor. The commit message itself says "This fixes CVE-2022-0435", so the two identifiers describe the same code change; scanners and distribution advisories may report either. TIPC's link monitor lets every node send its peers a domain record listing the nodes it can see. tipc_mon_rcv() checked that a received record's declared length was consistent with its member_cnt field, but never checked member_cnt against MAX_MON_DOMAIN, the fixed number of entries the kernel's domain structure holds. A peer could therefore supply a record with more members than that structure has room for; when the kernel later copied the stored record into a fixed-size stack variable of that type, the copy ran past the end of the stack buffer. The fix rejects any record whose member_cnt exceeds MAX_MON_DOMAIN before it is stored. The same patch hardens the caller, tipc_link_proto_rcv(), which read a 32-bit message data length into a u16: it now discards messages whose length exceeds U16_MAX. The commit is explicit that this second case is not reachable with current code, because the bearer layer does not deliver buffers over 64 KiB; the check guards against a future change doing so. Because domain records arrive in link protocol messages from peer nodes, the precondition for triggering the overflow is the ability to send TIPC traffic to the target over a configured bearer (an Ethernet segment, a UDP bearer or InfiniBand), not an account on the target. The consequence is a kernel stack buffer overflow: a kernel panic (denial of service) at minimum, and code execution in kernel context if the attacker can defeat the stack protector. This entry carries a CVSS v3.1 base score of 5.3 (medium). Readers should not take the lower score to mean local access is required: the 2022 advisory for the same fix, CVE-2022-0435, was treated as a remotely triggerable stack overflow, and nothing in the code path requires a local user. No exploitation in the wild was reported as of publication.
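The following C program is added here as an illustration; it is not kernel code and not part of the original page. It models the two checks the patch adds in userspace. The struct layout and the MAX_MON_DOMAIN value of 64 follow the kernel's net/tipc/monitor.c, but the validator functions, the record builder and the sample records are constructed for this example. validate_prefix() applies only the length-consistency check that existed before the fix; validate_fixed() adds the member_cnt bound and the 16-bit length check that tipc_link_proto_rcv() now performs before narrowing the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MON_DOMAIN 64   /* kernel's cap on members in one domain record */
#define U16_MAX 0xffffU

/* Userspace model of the kernel's struct tipc_mon_domain (net/tipc/monitor.c): a
 * 16-byte header then up to MAX_MON_DOMAIN 32-bit node addresses. The kernel copies
 * a peer's stored record into a stack variable of this type, so a record larger
 * than sizeof(struct mon_domain) overruns the stack. Layout mirrored for illustration. */
struct mon_domain {
    uint16_t len;
    uint16_t gen;
    uint16_t ack_gen;
    uint16_t member_cnt;
    uint64_t up_map;
    uint32_t members[MAX_MON_DOMAIN];
};

enum verdict { ACCEPT = 0, REJECT_SHORT, REJECT_LEN_MISMATCH,
               REJECT_TOO_MANY_MEMBERS /* the CVE check */, REJECT_DLEN_TRUNCATED /* u32 -> u16 */ };

/* Wire length of a record with n members: 16-byte header + 4 bytes per member. */
size_t dom_rec_len(uint16_t n) { return offsetof(struct mon_domain, members) + (size_t)n * 4; }

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Pre-fix logic: only checks that the declared length is self-consistent, so a
 * record with member_cnt > MAX_MON_DOMAIN passes and is later copied onto the stack. */
enum verdict validate_prefix(const uint8_t *data, size_t dlen)
{
    if (dlen < dom_rec_len(0))
        return REJECT_SHORT;
    uint16_t member_cnt = be16(data + offsetof(struct mon_domain, member_cnt));
    if (dlen != dom_rec_len(member_cnt))
        return REJECT_LEN_MISMATCH;
    return ACCEPT;
}

/* Post-fix logic, mirroring the two checks the patch adds: the caller's 32-bit data
 * length must fit in 16 bits before it is narrowed, and member_cnt is bounded first. */
enum verdict validate_fixed(const uint8_t *data, uint32_t dlen32)
{
    if (dlen32 > U16_MAX)
        return REJECT_DLEN_TRUNCATED;
    uint16_t dlen = (uint16_t)dlen32;
    if (dlen < dom_rec_len(0))
        return REJECT_SHORT;
    uint16_t member_cnt = be16(data + offsetof(struct mon_domain, member_cnt));
    if (member_cnt > MAX_MON_DOMAIN)
        return REJECT_TOO_MANY_MEMBERS;
    if (dlen != dom_rec_len(member_cnt))
        return REJECT_LEN_MISMATCH;
    return ACCEPT;
}

/* Build a constructed (made-up) record claiming member_cnt members, big-endian as on
 * the wire; member addresses are left zero. Returns the length, or 0 if buf is too small. */
size_t build_record(uint8_t *buf, size_t cap, uint16_t member_cnt)
{
    size_t len = dom_rec_len(member_cnt);
    if (len > cap)
        return 0;
    memset(buf, 0, len);
    buf[0] = (uint8_t)(len >> 8);         buf[1] = (uint8_t)len;         /* len */
    buf[6] = (uint8_t)(member_cnt >> 8);  buf[7] = (uint8_t)member_cnt;  /* member_cnt */
    return len;
}

/* Build a record with member_cnt members and run the old or the hardened validator. */
enum verdict verdict_for(uint16_t member_cnt, int post_fix)
{
    static uint8_t buf[4096];
    size_t len = build_record(buf, sizeof buf, member_cnt);
    return post_fix ? validate_fixed(buf, (uint32_t)len) : validate_prefix(buf, len);
}

/* Hand a small valid record to the hardened validator with an arbitrary 32-bit length,
 * the way tipc_link_proto_rcv() passes the message data length down. */
enum verdict verdict_for_dlen32(uint32_t dlen32)
{
    static uint8_t buf[64];
    build_record(buf, sizeof buf, 4);   /* 16-byte header + 4 members = 32 bytes */
    return validate_fixed(buf, dlen32);
}

int main(void)
{
    uint16_t counts[] = { 1, MAX_MON_DOMAIN, MAX_MON_DOMAIN + 1, 500 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("member_cnt=%3u dlen=%4zu  pre-fix=%d  post-fix=%d\n", (unsigned)counts[i],
               dom_rec_len(counts[i]), verdict_for(counts[i], 0), verdict_for(counts[i], 1));
    /* A length that does not survive narrowing: 0x10010 reads as 0x0010 in a u16. */
    printf("dlen32=0x10010 narrowed to u16 = %u, post-fix=%d\n",
           (unsigned)(uint16_t)0x10010u, verdict_for_dlen32(0x10010u));
    return 0;
}
```

Compile with `cc -std=c11 -Wall`. The run shows that a record claiming 65 or 500 members is internally consistent and passes the old check, while the hardened path rejects it before any size is derived from member_cnt. The last line shows why the length check belongs in the caller: 0x10010 narrowed to a u16 is 0x0010, which looks like a plausible header-only length to anything downstream.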
Potential Impact
For European organizations the exposure is limited to Linux systems on which the tipc module is loaded and at least one bearer has been enabled. TIPC is not active on a default server or desktop install, and a bearer must be configured by an administrator before link protocol messages from peers are processed at all. Where it is in use, typically in telecom equipment and in clustered or high-availability services, any host able to reach the node over the bearer's network segment can send the malformed domain record, so the realistic threat is a compromised peer node or an attacker who has gained a foothold on the cluster interconnect; no account on the target is needed. The direct impact is a kernel stack buffer overflow and a crashed node, and because TIPC clusters are usually deployed for availability, one malformed message taking down members in turn is the primary operational risk. Integrity and confidentiality are affected only if the overflow is turned into kernel code execution, which is harder but not ruled out. The medium score on this entry should not delay patching of TIPC-enabled systems in the telecommunications, industrial control and clustered-service environments that are common in European critical infrastructure.
Mitigation Recommendations
European organizations should patch first: the fix, commit "tipc: improve size validations for received domain records", landed in Linux 5.17 and was backported to the stable branches current at the time, so any kernel that already carries the CVE-2022-0435 fix is covered, and scanners may report either identifier for the same change. Establish whether TIPC is in use before treating a host as exposed: `lsmod | grep -w tipc` shows whether the module is loaded, and `tipc bearer list` (the tipc tool from iproute2) shows whether any bearer is enabled; a node with no bearer does not receive peer domain records. Where TIPC is not needed, prevent the module from loading by adding `install tipc /bin/false` to a file under /etc/modprobe.d/, which also blocks auto-loading when a process opens an AF_TIPC socket; on self-built kernels set CONFIG_TIPC=n. Where it is needed, keep the bearer on a dedicated cluster network that untrusted hosts cannot reach, since the only prerequisite for the attack is the ability to send TIPC link protocol messages to the node, and review `tipc node list` for peers that should not be there. For detection, a kernel panic reporting "stack-protector: Kernel stack is corrupted in:" with a TIPC function named is the signature of this overflow being hit on a kernel with the stack protector enabled, and should be treated as an attack indicator rather than a hardware fault. Local-account hardening is of little use here because the trigger is network traffic; put the effort into patch-level verification for CVE-2022-48711 / CVE-2022-0435 in vulnerability scanning and compliance checks instead.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T11:09:39.049Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5ef1
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:26:55 PM
Last updated: 7/29/2025, 5:10:21 AM
Related Threats
- CVE-2025-9053: SQL Injection in projectworlds Travel Management System (Medium)
- CVE-2025-9052: SQL Injection in projectworlds Travel Management System (Medium)
- CVE-2025-9019: Heap-based Buffer Overflow in tcpreplay (Low)
- CVE-2025-9017: Cross Site Scripting in PHPGurukul Zoo Management System (Medium)
- CVE-2025-9051: SQL Injection in projectworlds Travel Management System (Medium)