Description

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read.

INFO

Published Date :

2025-05-01T14:09:22.158Z

Last Modified :

2025-05-04T08:45:25.494Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49790 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49790.

URL Resource
https://git.kernel.org/stable/c/24cc679abbf31477d0cc6106ec83c2fbae6b3cdf cve-icon cve-icon
https://git.kernel.org/stable/c/5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3 cve-icon cve-icon
https://git.kernel.org/stable/c/6365569d62a75ddf53fb0c2936c16587a365984c cve-icon cve-icon
https://git.kernel.org/stable/c/b8ebf250997c5fb253582f42bfe98673801ebebd cve-icon cve-icon
https://git.kernel.org/stable/c/fdd57c20d4408cac3c3c535c120d244e083406c9 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025050122-CVE-2022-49790-fb22@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49790 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49790 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact