CVE-2022-49147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49147

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49147.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49147

Downstream

DEBIAN-CVE-2022-49147

RHSA-2022:8267

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

UBUNTU-CVE-2022-49147

Related

Published

2025-02-26T07:00:51Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

block: Fix the maximum minor value is blkallocext_minor()

idaallocrange(..., min, max, ...) returns values from min to max, inclusive.

So, NREXTDEVT is a valid idx returned by blkallocext_minor().

This is an issue because in deviceadddisk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->firstminor); and NREXT_DEVT is '(1 << MINORBITS)'.

So, should 'disk->firstminor' be NREXT_DEVT, it would overflow.

References

Affected packages