CVE-2022-49030

HIGH

Linux Kernel 5.8-5.10.158 5.11-5.15.82 5.16-6.0.12 - Integer Overflow in Ring Buffer Mmap Size Calculation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries will overflow u32 when mapping producer page and data pages. Only casting max_entries to size_t is not enough, because for 32-bits application on 64-bits kernel the size of read-only mmap region also could overflow size_t. So fixing it by casting the size of read-only mmap region into a __u64 and checking whether or not there will be overflow during mmap.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/8a549ab6724520aa3c07f47e0eba820293551490

Patch

https://git.kernel.org/stable/c/0140e079a42064680394fff1199a7b5483688dec

Patch

https://git.kernel.org/stable/c/535a25ab4f9a45f74ba38ab71de95e97474922ed

Patch

https://git.kernel.org/stable/c/927cbb478adf917e0a142b94baa37f06279cc466

Scores

CVSS v3 7.8

EPSS 0.0028

EPSS Percentile 19.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (15)

linux/Kernel 5.11.0 - 5.15.82linux

linux/Kernel 5.16.0 - 6.0.12linux

linux/Kernel 5.8.0 - 5.10.158linux

Linux/Linux < 5.8

Linux/Linux 5.10.158 - 5.10.*

Linux/Linux 5.15.82 - 5.15.*

Linux/Linux 5.8

Linux/Linux 6.0.12 - 6.0.*

Linux/Linux 6.1

Linux/Linux bf99c936f9478a05d51e9f101f90de70bee9a89c - 0140e079a42064680394fff1199a7b5483688dec

... and 5 more

Published Oct 21, 2024

Tracked Since Feb 18, 2026