CVE-2022-49642

EPSS 0.06%
Veröffentlicht 26.02.2025 07:01:39
Zuletzt bearbeitet 23.10.2025 12:09:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: dwc-qos: Disable split header for Tegra194

There is a long-standing issue with the Synopsys DWC Ethernet driver
for Tegra194 where random system crashes have been observed [0]. The
problem occurs when the split header feature is enabled in the stmmac
driver. In the bad case, a larger than expected buffer length is
received and causes the calculation of the total buffer length to
overflow. This results in a very large buffer length that causes the
kernel to crash. Why this larger buffer length is received is not clear,
however, the feedback from the NVIDIA design team is that the split
header feature is not supported for Tegra194. Therefore, disable split
header support for Tegra194 to prevent these random crashes from
occurring.

[0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4 < 5.4.207

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.132

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.56

Linux ≫ Linux Kernel Version >= 5.16 < 5.18.13

Linux ≫ Linux Kernel Version5.19 Updaterc1

Linux ≫ Linux Kernel Version5.19 Updaterc2

Linux ≫ Linux Kernel Version5.19 Updaterc3

Linux ≫ Linux Kernel Version5.19 Updaterc4

Linux ≫ Linux Kernel Version5.19 Updaterc5

Linux ≫ Linux Kernel Version5.19 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/029c1c2059e9c4b38f97a06204cdecd10cfbeb8a

Patch

https://git.kernel.org/stable/c/2968830c9b47ce093237483c6207c61065712386

Patch

https://git.kernel.org/stable/c/9cc8edc571b871d974b3289868553f9ce544aba6

Patch

https://git.kernel.org/stable/c/cfa4caf3e881ad6dd366c903c34f1c7f21b857ab

Patch

https://git.kernel.org/stable/c/d5c315a787652c35045044877a249f7d5c8a4104

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49642

EUVD