Description

In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, inclusive. So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor(). This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is '(1 << MINORBITS)'. So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow.

INFO

Published Date :

2025-02-26T01:55:15.373Z

Last Modified :

2025-05-04T08:30:59.109Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49147 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49147.

URL Resource
https://git.kernel.org/stable/c/0f8cf8f5ccbad25ed6828875b222dbab29d5c272 cve-icon cve-icon
https://git.kernel.org/stable/c/5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb cve-icon cve-icon
https://git.kernel.org/stable/c/d1868328dec5ae2cf210111025fcbc71f78dd5ca cve-icon cve-icon
https://git.kernel.org/stable/c/fbe2cc4525480ddd20c866bb5c0578071e01451a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2022-49147-7f2f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49147 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49147 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact