Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds shift attempts. Which bits end up being set in such case is implementation defined, but it's either going to be a wrong non-zero value, or zero, which is at least not misleading. Make the latter choice deterministic by always setting to 0 for higher-numbered multicast groups. To get information about membership in groups >= 32, userspace is expected to use nl_pktinfo control messages[0], which are enabled by NETLINK_PKTINFO socket option. [0] https://lwn.net/Articles/147608/ The way to trigger this issue is e.g. through monitoring the BRVLAN group: # bridge monitor vlan & # ip link add name br type bridge Which produces the following citation: UBSAN: shift-out-of-bounds in net/netlink/af_netlink.c:162:19 shift exponent 32 is too large for 32-bit type 'int'
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.14, < 4.9.311 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0caf6d9922192dd1afa8dc2131abfb4df1443b9fPatch
- https://git.kernel.org/stable/c/41249fff507387c3323b198d0052faed08b14de4Patch
- https://git.kernel.org/stable/c/7409ff6393a67ff9838d0ae1bd102fb5f020d07aPatch
- https://git.kernel.org/stable/c/ac5883a8890a11c00b32a19949a25d4afeaa2f5aPatch
- https://git.kernel.org/stable/c/b0898362188e05b2202656058cc32d98fabf3bacPatch
- https://git.kernel.org/stable/c/e1c5d46f05aa23d740daae5cd3a6472145afac42Patch
- https://git.kernel.org/stable/c/e23e1e981247feb3c7d0236fe58aceb685f234aePatch
- https://git.kernel.org/stable/c/e8aaf3134bc5e943048eefe9f2ddaabf41d92b1aPatch
- https://git.kernel.org/stable/c/f75f4abeec4c04b600a15b50c89a481f1e7435eePatch
FAQ
What is CVE-2022-49197?
CVE-2022-49197 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the a...
How severe is CVE-2022-49197?
CVE-2022-49197 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49197?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.