CVE-2022-49147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49147

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49147.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49147

Downstream

DEBIAN-CVE-2022-49147

RHSA-2022:8267

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

UBUNTU-CVE-2022-49147

Related

Published

2025-02-26T01:55:15Z

Modified

2025-10-15T19:10:51.579645Z

Summary

block: Fix the maximum minor value is blk_alloc_ext_minor()

Details

In the Linux kernel, the following vulnerability has been resolved:

block: Fix the maximum minor value is blkallocext_minor()

idaallocrange(..., min, max, ...) returns values from min to max, inclusive.

So, NREXTDEVT is a valid idx returned by blkallocext_minor().

This is an issue because in deviceadddisk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->firstminor); and NREXT_DEVT is '(1 << MINORBITS)'.

So, should 'disk->firstminor' be NREXT_DEVT, it would overflow.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

22ae8ce8b89241c94ac00c237752c0ffa37ba5ae

Fixed

5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

22ae8ce8b89241c94ac00c237752c0ffa37ba5ae

Fixed

0f8cf8f5ccbad25ed6828875b222dbab29d5c272

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

22ae8ce8b89241c94ac00c237752c0ffa37ba5ae

Fixed

fbe2cc4525480ddd20c866bb5c0578071e01451a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

22ae8ce8b89241c94ac00c237752c0ffa37ba5ae

Fixed

d1868328dec5ae2cf210111025fcbc71f78dd5ca

Affected versions

v5.*

v5.10

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.4

v5.15.5

v5.15.6

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.16.1

v5.16.10

v5.16.11

v5.16.12

v5.16.13

v5.16.14

v5.16.15

v5.16.16

v5.16.17

v5.16.18

v5.16.2

v5.16.3

v5.16.4

v5.16.5

v5.16.6

v5.16.7

v5.16.8

v5.16.9

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.33

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.16.19

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

5.17.2