CVE-2022-49862: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header

This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump") where it should have type casted sizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative value.

syzbot reported a call trace because of it:

  BUG: KMSAN: uninit-value in ...
  tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934
  __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238
  tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321
  tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324
  genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
  genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
  genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792
  netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501
  genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803
  netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
  netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345
  netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921
  sock_sendmsg_nosec net/socket.c:714 [inline]
  sock_sendmsg net/socket.c:734 [inline]
AI Analysis
Technical Summary
CVE-2022-49862 is a vulnerability identified in the Linux kernel's Transparent Inter-Process Communication (TIPC) subsystem, specifically within the netlink compatibility code handling name table dumps. The issue arises from an improper length check on the msg->req TLV (Type-Length-Value) field in the function tipc_nl_compat_name_table_dump_header. This vulnerability is a follow-up fix to a previous patch (commit 974cb0e3e7c9) that addressed an uninitialized value problem in tipc_nl_compat_name_table_dump. The root cause is a missing cast: the macro TLV_GET_DATA_LEN() can return a negative value, and comparing that value against sizeof(..) without first casting sizeof(..) to int lets the negative length pass the check. Without proper casting and validation, this can lead to the kernel processing invalid or uninitialized memory data. The vulnerability was detected by syzbot, a kernel fuzzing tool, which reported a call trace indicating a BUG related to Kernel Memory Sanitizer (KMSAN) detecting uninitialized values in the affected function. The call trace shows the chain of kernel functions involved, confirming that the flaw exists in the netlink compatibility layer of TIPC. Although no known exploits are currently reported in the wild, the vulnerability could potentially be triggered by a local or remote attacker capable of sending crafted netlink messages to the kernel, leading to undefined behavior such as kernel crashes or information leakage. The affected versions include multiple Linux kernel commits prior to the fix, indicating that a range of kernel versions incorporating these commits are vulnerable. No CVSS score has been assigned yet, and no patches or exploit code are publicly available at this time.
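The cast the fix adds matters because of C's usual arithmetic conversions: when a signed int is compared with the unsigned size_t produced by sizeof, the int is converted to size_t, so a negative length turns into a very large value and a "too short" check silently passes. The following C program is an added example, not the kernel's code and not part of the advisory; it shows the weak length check beside its corrected form on constructed inputs. The TLV layout, struct tlv_desc, struct name_table_query, tlv_data_len, check_weak and check_fixed are assumptions modelled on the pattern described above, not the definitions in net/tipc/netlink_compat.c.

```c
/* Added illustration, not kernel code: why a TLV length check must compare a
 * possibly negative int against (int)sizeof(...). The TLV layout, the struct
 * names and the helper names here are assumptions loosely modelled on the
 * pattern described in the advisory, not the definitions in
 * net/tipc/netlink_compat.c. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified TLV header (assumed): declared total length, then a type. */
struct tlv_desc {
    uint16_t tlv_len;   /* header + data, as declared by the sender */
    uint16_t tlv_type;
};

#define TLV_HDR_LEN ((int)sizeof(struct tlv_desc))

/* Payload a name-table query is assumed to carry: 8 bytes. */
struct name_table_query {
    uint32_t type;
    uint32_t lowbound;
};

/* Data length = declared total length minus the header. A declared length
 * smaller than the header itself (malformed input) yields a NEGATIVE result,
 * which is exactly the case TLV_GET_DATA_LEN() can produce. */
int tlv_data_len(uint16_t declared_len)
{
    return (int)declared_len - TLV_HDR_LEN;
}

/* Weak check: int compared with size_t. The int is converted to size_t, so
 * -2 becomes SIZE_MAX - 1, the comparison is false and the malformed TLV is
 * ACCEPTED. Returns 0 = accept, -1 = reject. */
int check_weak(uint16_t declared_len)
{
    if (tlv_data_len(declared_len) < sizeof(struct name_table_query))
        return -1;
    return 0;
}

/* Corrected check: casting sizeof(...) to int keeps the comparison signed,
 * so a negative data length is rejected before any payload is read. */
int check_fixed(uint16_t declared_len)
{
    if (tlv_data_len(declared_len) < (int)sizeof(struct name_table_query))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: declared TLV lengths of 12 (complete), 7 (short)
     * and 2 (shorter than the header itself, data length -2). */
    const uint16_t samples[] = { 12, 7, 2 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t len = samples[i];
        printf("declared=%2u data_len=%3d weak=%s fixed=%s\n",
               (unsigned)len, tlv_data_len(len),
               check_weak(len) == 0 ? "accept" : "reject",
               check_fixed(len) == 0 ? "accept" : "reject");
    }
    return 0;
}
```

Compiling with -Wall -Wextra flags the weak comparison (-Wsign-compare), which is the cheapest detection for this class of bug in any length-validation code; the declared length of 2 is the case the weak check accepts and the fixed check rejects.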
Potential Impact
For European organizations, the impact of CVE-2022-49862 depends largely on their use of Linux systems with the TIPC subsystem enabled, which is commonly used in clustered or telecom environments for inter-process communication. Exploitation could lead to kernel instability, causing denial of service through system crashes or potential information disclosure due to uninitialized memory reads. This could disrupt critical infrastructure, telecommunications, or enterprise services relying on Linux servers. Given the kernel-level nature of the vulnerability, successful exploitation might allow attackers to escalate privileges or execute arbitrary code with kernel privileges, severely compromising system integrity and confidentiality. Organizations in sectors such as telecommunications, cloud service providers, and industries using Linux-based embedded systems might be particularly at risk. The absence of known exploits reduces immediate risk, but the vulnerability's presence in widely deployed Linux kernels means that European entities should proactively address it to avoid future exploitation.
Mitigation Recommendations
Specific mitigation steps include:
1) Promptly apply the official Linux kernel patches that address this vulnerability once they are released and verified.
2) For organizations using custom or long-term support kernels, backport the fix from the mainline kernel to ensure protection.
3) Disable or restrict access to the TIPC subsystem if it is not required, as this reduces the attack surface.
4) Implement strict network filtering to block unauthorized netlink messages, especially from untrusted sources, to prevent exploitation attempts.
5) Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Memory Sanitizer (KMSAN) to detect and mitigate memory-related issues.
6) Monitor kernel logs and system behavior for anomalies indicative of exploitation attempts, such as unexpected crashes or suspicious netlink activity.
7) Maintain up-to-date intrusion detection and prevention systems capable of recognizing unusual kernel-level interactions.
These measures go beyond generic advice by focusing on subsystem-specific controls and proactive patch management tailored to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.236Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbdd765
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 12:56:32 AM
Last updated: 8/15/2025, 7:20:55 PM