CVE-2022-49051: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
aqc111_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular:
- The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips.
- A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used by a cloned SKB that has already been handed off into the network stack.
- A packet SKB can be constructed whose tail is far beyond its end, causing out-of-bounds heap data to be considered part of the SKB's data.
Found doing variant analysis. Tested it with another driver (ax88179_178a), since I don't have an aqc111 device to test it, but the code looks very similar.
AI Analysis
Technical Summary
CVE-2022-49051 is a vulnerability identified in the Linux kernel's USB network driver for the Aquantia AQC111 device (aqc111). The flaw exists in the function aqc111_rx_fixup(), which processes received USB network packets. Specifically, the vulnerability involves multiple out-of-bounds (OOB) memory accesses triggered by malformed or malicious USB devices.
The metadata array used to parse packet descriptors can be accessed beyond its allocated bounds, leading to OOB reads and, on big-endian systems, incorrect endianness conversions that corrupt data. Additionally, packets may overlap with the metadata array, causing further OOB endianness flips that corrupt data used by cloned socket buffers (SKBs) already handed off to the network stack. Another issue is that a crafted SKB can have its tail pointer set far beyond the actual buffer end, causing heap memory beyond the SKB to be treated as valid packet data. These memory corruptions could lead to data integrity issues, potential kernel memory disclosure, or kernel crashes.
The vulnerability was discovered through variant analysis and tested on a similar driver (ax88179_178a) due to lack of access to an actual aqc111 device, but the code similarity suggests the vulnerability is valid. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the vulnerable commit hashes listed, and it was publicly disclosed on February 26, 2025.
This vulnerability is significant because it can be triggered by a malicious or defective USB device connected to the system, potentially allowing local attackers or compromised USB peripherals to cause kernel memory corruption, leading to denial of service or possibly privilege escalation if exploited further.
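The three bounds checks that the summary above implies, as an added user-space example (not the kernel patch and not code from the original page). It assumes a simplified buffer layout with one 16-bit length per packet; rx_fixup_checked(), struct pkt and the RX_BAD_* codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (an assumption, not the real aqc111 descriptor format):
 *   buf = [pkt 0][pkt 1]...[one little-endian u16 length per packet]
 * The length array starts at desc_offset; desc_offset and pkt_count are
 * reported by the device and therefore untrusted. */
enum { RX_BAD_META = -1, RX_BAD_PKT = -2 };
struct pkt { size_t off, len; };

/* Constructed sample: a 4-byte and a 2-byte packet, lengths at offset 6. */
static const uint8_t sample_buf[] = { 1, 2, 3, 4, 5, 6, 4, 0, 2, 0 };
static struct pkt sample_out[4];
/* Decode into a local value instead of byte-swapping the buffer in place. */
static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Returns the number of packets accepted, or a negative RX_BAD_* code. */
int rx_fixup_checked(const uint8_t *buf, size_t buf_len, size_t desc_offset,
                     size_t pkt_count, struct pkt *out, size_t out_cap)
{
    size_t i, pos = 0;
    /* The metadata array [desc_offset, desc_offset + 2*pkt_count) must fit
     * in the buffer; the division form cannot overflow. */
    if (desc_offset > buf_len || pkt_count > (buf_len - desc_offset) / 2 ||
        pkt_count > out_cap)
        return RX_BAD_META;
    for (i = 0; i < pkt_count; i++) {
        size_t len = get_le16(buf + desc_offset + 2 * i);
        /* Packets may only use bytes before the metadata array: rejects
         * overlap with it and any tail past the end of the buffer. */
        if (len > desc_offset - pos)
            return RX_BAD_PKT;
        out[i].off = pos;
        out[i].len = len;
        pos += len;
    }
    return (int)pkt_count;
}

int main(void)
{
    printf("%d\n", rx_fixup_checked(sample_buf, sizeof(sample_buf), 6, 2, sample_out, 4));
    return 0;
}
```

Every length is checked against the space remaining before the metadata array, so one comparison covers both the overlap case and the oversized-tail case.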
Potential Impact
For European organizations, the impact of CVE-2022-49051 depends on the deployment of Linux systems using the affected kernel versions with the aqc111 USB network driver enabled. Organizations relying on Linux servers, workstations, or embedded devices that accept USB network devices are at risk. The vulnerability could be exploited by an attacker with physical access or by supply chain attacks involving malicious USB devices. Potential impacts include system crashes (denial of service), data corruption, and in worst cases, kernel-level compromise if the memory corruption is leveraged for privilege escalation. This could disrupt critical infrastructure, enterprise networks, or industrial control systems using Linux-based devices. Given the increasing use of Linux in European government, finance, telecommunications, and manufacturing sectors, exploitation could lead to operational downtime, data integrity issues, and increased incident response costs. However, the lack of known exploits and the requirement for a malicious USB device to be connected limit remote exploitation risks. Still, organizations with lax physical security or those using USB network adapters in sensitive environments should consider this a serious threat.
Mitigation Recommendations
1. Apply the latest Linux kernel patches as soon as they become available from trusted sources or distributions to address the aqc111 driver vulnerability.
2. Restrict physical access to critical systems to prevent unauthorized USB device connections.
3. Implement USB device whitelisting or disable USB ports where not required, especially on servers and sensitive endpoints.
4. Use kernel lockdown features and security modules (e.g., SELinux, AppArmor) to limit the impact of kernel memory corruption.
5. Monitor system logs and kernel messages for anomalies related to USB device behavior or network driver errors.
6. For embedded or specialized Linux devices, verify firmware and driver versions and coordinate with vendors for timely updates.
7. Conduct regular security audits of USB device usage policies and educate staff on risks of connecting unknown USB peripherals.
8. Consider deploying endpoint protection solutions capable of detecting unusual USB device activity or kernel anomalies.
These steps go beyond generic advice by focusing on physical security controls, device management policies, and proactive kernel security hardening tailored to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.242Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe69e4
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 1:42:31 AM
Last updated: 8/15/2025, 10:33:23 AM