CVE-2022-49592

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49592
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49592.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49592
Downstream
Related
Published
2025-02-26T02:23:24.552Z
Modified
2026-04-11T12:44:16.348139Z
Summary
net: stmmac: fix dma queue left shift overflow issue
Details

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: fix dma queue left shift overflow issue

When queue number is > 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMA_MAP1.

If CONFIGUBSAN is enabled, kernel dumps below warning: [ 10.363842] ================================================================== [ 10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/ linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4core.c:224:12 [ 10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int' [ 10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg [ 10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021 [ 10.363958] Call Trace: [ 10.363960] <TASK> [ 10.363963] dumpstacklvl+0x4a/0x5f [ 10.363971] dumpstack+0x10/0x12 [ 10.363974] ubsanepilogue+0x9/0x45 [ 10.363976] __ubsanhandleshift_outofbounds.cold+0x61/0x10e [ 10.363979] ? wakeupklogd+0x4a/0x50 [ 10.363983] ? vprintkemit+0x8f/0x240 [ 10.363986] dwmac4mapmtldma.cold+0x42/0x91 [stmmac] [ 10.364001] stmmacmtlconfiguration+0x1ce/0x7a0 [stmmac] [ 10.364009] ? dwmac410dmainitchannel+0x70/0x70 [stmmac] [ 10.364020] stmmachwsetup.cold+0xf/0xb14 [stmmac] [ 10.364030] ? pagepoolallocpages+0x4d/0x70 [ 10.364034] ? stmmaccleartxdescriptors+0x6e/0xe0 [stmmac] [ 10.364042] stmmacopen+0x39e/0x920 [stmmac] [ 10.364050] __dev_open+0xf0/0x1a0 [ 10.364054] __devchangeflags+0x188/0x1f0 [ 10.364057] devchangeflags+0x26/0x60 [ 10.364059] dosetlink+0x908/0xc40 [ 10.364062] ? dosetlink+0xb10/0xc40 [ 10.364064] ? __nlavalidateparse+0x4c/0x1a0 [ 10.364068] __rtnl_newlink+0x597/0xa10 [ 10.364072] ? __nla_reserve+0x41/0x50 [ 10.364074] ? __kmallocnodetrackcaller+0x1d0/0x4d0 [ 10.364079] ? pskbexpandhead+0x75/0x310 [ 10.364082] ? nlareserve64bit+0x21/0x40 [ 10.364086] ? skbfreehead+0x65/0x80 [ 10.364089] ? securitysockrcvskb+0x2c/0x50 [ 10.364094] ? _condresched+0x19/0x30 [ 10.364097] ? kmemcachealloctrace+0x15a/0x420 [ 10.364100] rtnlnewlink+0x49/0x70

This change fixes MTLRXQDMA_MAP1 mask issue and channel/queue mapping warning.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49592.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d43042f4da3e1c2e4ccac3b1d9153cb0798533a4
Fixed
ad2febdfbd01e1d092a08bfdba92ede79ea05ff3
Fixed
508d86ead36cbd8dfb60773a33276790d668c473
Fixed
573768dede0e2b7de38ecbc11cb3ee47643902dc
Fixed
a3ac79f38d354b10925824899cdbd2caadce55ba
Fixed
7c687a893f5cae5ca40d189635602e93af9bab73
Fixed
e846bde09677fa3b203057846620b7ed96540f5f
Fixed
613b065ca32e90209024ec4a6bb5ca887ee70980

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49592.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.12.0
Fixed
4.14.290
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.254
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.208
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.134
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.58
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.18.15

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49592.json"