← Back

CVE-2022-49790

nvd nist
Published: May 1, 2025Modified: Nov 5, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read.

Affected (9)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 5.11 to 5.15.80
Linux Kernel
From 5.16 to 6.0.10
Linux Kernel
From 5.3 to 5.4.225
Linux Kernel
From 5.5 to 5.10.156
Linux Kernel
Version 6.1 rc1
Linux Kernel
Version 6.1 rc2
Linux Kernel
Version 6.1 rc3
Linux Kernel
Version 6.1 rc4
Linux Kernel
Version 6.1 rc5

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (5)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.