CVE-2022-49269

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49269
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49269.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49269
Downstream
Related
Published
2025-02-26T01:56:17.204Z
Modified
2025-11-28T16:43:41.301598Z
Summary
can: isotp: sanitize CAN ID checks in isotp_bind()
Details

In the Linux kernel, the following vulnerability has been resolved:

can: isotp: sanitize CAN ID checks in isotp_bind()

Syzbot created an environment that led to a state machine status that cannot be reached with a compliant CAN ID address configuration. The provided address information consisted of CAN ID 0x6000001 and 0xC28001 which both boil down to 11 bit CAN IDs 0x001 in sending and receiving.

Sanitize the SFF/EFF CAN ID values before performing the address checks.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49269.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e057dd3fc20ffb3d7f150af46542a51b59b90127
Fixed
d72866a7f5326160d2a9d945a33eb6ef1883e25d
Fixed
f343dbe82314ab457153c9afd970be4e9e553020
Fixed
cf522d741f5301223cc94b978eb1603c7590d65e
Fixed
7b4652fc71dcec043977a6def80ef5034c913615
Fixed
3ea566422cbde9610c2734980d1286ab681bb40e

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.9

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "net/can/isotp.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-13fc1bbd",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b4652fc71dcec043977a6def80ef5034c913615"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "265046773487015736215456989358232752128",
            "length": 2157.0
        },
        "signature_type": "Function",
        "target": {
            "file": "net/can/isotp.c",
            "function": "isotp_bind"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-43d1e153",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ea566422cbde9610c2734980d1286ab681bb40e"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "net/can/isotp.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-4a86021e",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f343dbe82314ab457153c9afd970be4e9e553020"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "314211816158561745837343372492296451371",
            "length": 1918.0
        },
        "signature_type": "Function",
        "target": {
            "file": "net/can/isotp.c",
            "function": "isotp_bind"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-56def1d6",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d72866a7f5326160d2a9d945a33eb6ef1883e25d"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "net/can/isotp.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-7e197de3",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ea566422cbde9610c2734980d1286ab681bb40e"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "127503273061667215568412613468780618112",
            "length": 1904.0
        },
        "signature_type": "Function",
        "target": {
            "file": "net/can/isotp.c",
            "function": "isotp_bind"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-8c67b923",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f343dbe82314ab457153c9afd970be4e9e553020"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "net/can/isotp.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-b7514a98",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d72866a7f5326160d2a9d945a33eb6ef1883e25d"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "127503273061667215568412613468780618112",
            "length": 1904.0
        },
        "signature_type": "Function",
        "target": {
            "file": "net/can/isotp.c",
            "function": "isotp_bind"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-e73ec81e",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf522d741f5301223cc94b978eb1603c7590d65e"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "net/can/isotp.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-e82b6966",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cf522d741f5301223cc94b978eb1603c7590d65e"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "127503273061667215568412613468780618112",
            "length": 1904.0
        },
        "signature_type": "Function",
        "target": {
            "file": "net/can/isotp.c",
            "function": "isotp_bind"
        },
        "deprecated": false,
        "id": "CVE-2022-49269-f8fdb1ea",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b4652fc71dcec043977a6def80ef5034c913615"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  5.10.0      5.10.110
ECOSYSTEM  5.11.0      5.15.33
ECOSYSTEM  5.16.0      5.16.19
ECOSYSTEM  5.17.0      5.17.2