CVE-2022-49592: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: fix dma queue left shift overflow issue

When queue number is > 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.

If CONFIG_UBSAN is enabled, kernel dumps below warning:

[ 10.363842] ==================================================================
[ 10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12
[ 10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'
[ 10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg
[ 10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021
[ 10.363958] Call Trace:
[ 10.363960] <TASK>
[ 10.363963] dump_stack_lvl+0x4a/0x5f
[ 10.363971] dump_stack+0x10/0x12
[ 10.363974] ubsan_epilogue+0x9/0x45
[ 10.363976] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
[ 10.363979] ? wake_up_klogd+0x4a/0x50
[ 10.363983] ? vprintk_emit+0x8f/0x240
[ 10.363986] dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]
[ 10.364001] stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]
[ 10.364009] ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]
[ 10.364020] stmmac_hw_setup.cold+0xf/0xb14 [stmmac]
[ 10.364030] ? page_pool_alloc_pages+0x4d/0x70
[ 10.364034] ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]
[ 10.364042] stmmac_open+0x39e/0x920 [stmmac]
[ 10.364050] __dev_open+0xf0/0x1a0
[ 10.364054] __dev_change_flags+0x188/0x1f0
[ 10.364057] dev_change_flags+0x26/0x60
[ 10.364059] do_setlink+0x908/0xc40
[ 10.364062] ? do_setlink+0xb10/0xc40
[ 10.364064] ? __nla_validate_parse+0x4c/0x1a0
[ 10.364068] __rtnl_newlink+0x597/0xa10
[ 10.364072] ? __nla_reserve+0x41/0x50
[ 10.364074] ? __kmalloc_node_track_caller+0x1d0/0x4d0
[ 10.364079] ? pskb_expand_head+0x75/0x310
[ 10.364082] ? nla_reserve_64bit+0x21/0x40
[ 10.364086] ? skb_free_head+0x65/0x80
[ 10.364089] ? security_sock_rcv_skb+0x2c/0x50
[ 10.364094] ? __cond_resched+0x19/0x30
[ 10.364097] ? kmem_cache_alloc_trace+0x15a/0x420
[ 10.364100] rtnl_newlink+0x49/0x70

This change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue mapping warning.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195
AI Analysis
Technical Summary
CVE-2022-49592 is a vulnerability identified in the Linux kernel's stmmac network driver, specifically affecting the DMA queue left shift operation in the Media Transport Layer (MTL) RX queue DMA mapping. The issue arises when the queue number exceeds 4, causing a left shift operation on a 32-bit unsigned integer to overflow. This overflow leads to incorrect mask calculations for MTL_RXQ_DMA_MAP1, which is used for channel and queue mapping in the stmmac Ethernet driver. The problem manifests as a shift exponent that is too large for the 32-bit type, triggering warnings and potential kernel instability when the kernel is compiled with the Undefined Behavior Sanitizer (UBSAN) enabled. The kernel logs indicate a shift-out-of-bounds error, which can cause unpredictable behavior during network interface initialization or operation. The root cause is a programming error in the bit-shift logic that does not properly handle queue numbers greater than 4, leading to an integer overflow. This vulnerability was resolved by correcting the mask calculation and the channel/queue mapping logic in the stmmac driver code. Although no known exploits are reported in the wild, the flaw could potentially cause kernel crashes or denial of service conditions on affected systems. The vulnerability affects Linux kernel versions including the 5.15 series used in Intel IoT Gateway platforms and potentially other embedded or server systems using the stmmac driver for Ethernet networking.
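Added example (not the kernel's code and not part of the advisory): a small C model of the shift arithmetic described above, showing why a queue number above 4 produces an out-of-range exponent and one way to keep it in range. The 8-bit field per queue is inferred from the reported shift exponent 40; the four-queues-per-register layout, the 4-bit channel mask and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the page): each 32-bit map register carries
 * four RX queues, one 8-bit field per queue, low 4 bits = DMA channel. */
#define FIELD_BITS     8u
#define QUEUES_PER_REG 4u
#define CHAN_MASK      0xFu

/* Problem arithmetic: shift by the absolute queue number. */
unsigned unfixed_shift(unsigned queue) { return queue * FIELD_BITS; }

/* In-range arithmetic: shift by the queue's position inside its register. */
unsigned fixed_shift(unsigned queue) { return (queue % QUEUES_PER_REG) * FIELD_BITS; }

/* C only defines a shift of a 32-bit value for exponents 0..31. */
int shift_is_defined(unsigned shift) { return shift < 32u; }

/* Read-modify-write of one map register. Returns 0 on success, or -1
 * (register untouched) when the shift would be undefined behaviour. */
int map_queue_to_chan(uint32_t *reg, unsigned queue, unsigned chan,
                      unsigned (*shift_fn)(unsigned))
{
    unsigned shift = shift_fn(queue);

    if (!shift_is_defined(shift))
        return -1;
    *reg &= ~(CHAN_MASK << shift);          /* clear the queue's channel field */
    *reg |= (chan & CHAN_MASK) << shift;    /* write the new channel number */
    return 0;
}

int main(void)
{
    /* The advisory describes queue numbers above 4, so walk 5..7. */
    for (unsigned q = 5; q < 8; q++) {
        uint32_t map1 = 0;
        int bad = map_queue_to_chan(&map1, q, q, unfixed_shift);
        int ok = map_queue_to_chan(&map1, q, q, fixed_shift);

        printf("queue %u: unfixed shift %u (%s), fixed shift %u, MAP1=0x%08x (%s)\n",
               q, unfixed_shift(q), bad ? "rejected" : "applied",
               fixed_shift(q), (unsigned)map1, ok ? "rejected" : "applied");
    }
    return 0;
}
```

The model refuses the out-of-range shift instead of executing it, because the result of such a shift is undefined in C and differs between compilers and architectures.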
Potential Impact
For European organizations, the impact of CVE-2022-49592 primarily concerns systems running Linux kernels with the stmmac driver, which is common in embedded devices, industrial IoT gateways, and certain server environments. Successful exploitation could lead to kernel crashes or denial of service, disrupting network connectivity and potentially causing downtime in critical infrastructure or industrial control systems. This is particularly relevant for sectors such as manufacturing, energy, telecommunications, and transportation, where embedded Linux devices are prevalent. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting instability could be leveraged by attackers to degrade service availability or to facilitate further attacks by causing system reboots or network outages. Given the widespread use of Linux in European IT and OT environments, unpatched systems could face operational disruptions, impacting business continuity and service reliability.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Identify all Linux systems using the stmmac Ethernet driver, especially those running kernel versions around 5.15 or customized embedded Linux distributions.
2) Apply the official Linux kernel patches that fix the DMA queue left shift overflow issue as soon as they become available from trusted sources or Linux distribution vendors.
3) For embedded or IoT devices where kernel updates are challenging, coordinate with device manufacturers to obtain firmware updates that include the patched kernel.
4) Enable kernel hardening features such as UBSAN during development and testing phases to detect similar issues early.
5) Implement robust monitoring for kernel logs to detect shift-out-of-bounds warnings or related anomalies that may indicate attempts to trigger this vulnerability.
6) Maintain network segmentation and strict access controls to limit exposure of vulnerable devices to untrusted networks, reducing the risk of exploitation.
7) Conduct regular vulnerability assessments and penetration tests focused on embedded Linux devices to identify and remediate similar kernel-level issues proactively.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:21:30.413Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe4584
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 10:57:06 PM
Last updated: 8/15/2025, 1:34:59 PM