Cyber Resilience

CVE-2022-49368

High

Published: 26 February 2025

Modified: 01 October 2025
KEV Added:
Patch:
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0002 (4.4th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49368 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 4.4th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49368 is an out-of-bounds read vulnerability in the Linux kernel's mtk_eth_soc Ethernet driver, specifically within the mtk_hwlro_get_fdir_entry() function. The issue arises because the fsp->location variable, sourced from user input via the ethtool_get_rxnfc() interface, is not validated before use, potentially allowing access to memory outside intended bounds. This affects systems running vulnerable versions of the Linux kernel with the MediaTek Ethernet SoC (mtk_eth_soc) driver enabled. The vulnerability is rated with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) and is associated with CWE-125 (Out-of-bounds Read).

A local attacker with low privileges, such as a standard user on the system, can exploit this vulnerability by supplying a crafted fsp->location value through ethtool_get_rxnfc(). Successful exploitation enables high-impact confidentiality violations, such as reading sensitive kernel memory, and high-impact availability disruptions, potentially leading to denial of service via system crashes or instability. No user interaction is required, and the attack complexity is low, making it feasible for local adversaries.

Mitigation involves applying the upstream kernel patches referenced in the stable commit history. Key fixes include commits such as 0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8, 2bd1faedb74dc2a2be3972abcd4239b75a3e7b00, 4cde554c70d7397cfa2e4116bacb4accdfb6fd48, 5ba81f82607ead85fe36f50869fc4f5661359ab8, and 657e7174603f0aab2cdedc64ac81edffd2a87afe, which add validation checks for fsp->location to prevent the out-of-bounds read. Security practitioners should ensure kernels are updated to incorporate these changes, particularly on systems using MediaTek Ethernet hardware.
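The kind of validation described above, as a user-space model (an added example, not the kernel's code and not the upstream patch). The struct names, field names other than location, and the table size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_LRO_SLOTS 2 /* assumed table size for this model */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-ins for the driver state and the ethtool request. */
struct model_mac {
    uint32_t lro_ip[MODEL_LRO_SLOTS]; /* one IPv4 address per slot */
    uint32_t neighbour;               /* data an out-of-range index could reach */
};

struct model_fsp {
    uint32_t location; /* slot index, supplied by the caller (user input) */
    uint32_t ip4dst;   /* output: address stored in that slot */
};

/* Before: the caller's index is trusted. It reads past lro_ip[] when
 * location >= MODEL_LRO_SLOTS, so only call it with in-range values. */
int get_entry_unchecked(const struct model_mac *mac, struct model_fsp *fsp)
{
    fsp->ip4dst = mac->lro_ip[fsp->location];
    return 0;
}

/* After: reject any index outside the table before it is used. */
int get_entry_checked(const struct model_mac *mac, struct model_fsp *fsp)
{
    if (fsp->location >= ARRAY_SIZE(mac->lro_ip))
        return -EINVAL;
    fsp->ip4dst = mac->lro_ip[fsp->location];
    return 0;
}

int main(void)
{
    /* Constructed sample state and requests. */
    struct model_mac mac = { { 0x0a000001u, 0x0a000002u }, 0x5ec2e7u };
    uint32_t probes[] = { 0, 1, 2, 0xffffffffu };

    for (size_t i = 0; i < ARRAY_SIZE(probes); i++) {
        struct model_fsp fsp = { probes[i], 0 };
        int rc = get_entry_checked(&mac, &fsp);
        printf("location=%u rc=%d ip4dst=0x%08x\n",
               (unsigned)fsp.location, rc, (unsigned)fsp.ip4dst);
    }
    return 0;
}
```

Because location is unsigned, a single upper-bound comparison also covers values a caller might intend as negative.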

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()

The "fsp->location" variable comes from user via ethtool_get_rxnfc(). Check that it is valid to prevent an out of bounds read.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds kernel memory read directly enables credential access via info leak; crafted input also triggers crashes enabling local DoS via system exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21743 · Same product: Linux Linux Kernel
CVE-2022-49738 · Same product: Linux Linux Kernel
CVE-2026-31774 · Same product: Linux Linux Kernel
CVE-2026-23325 · Same product: Linux Linux Kernel
CVE-2025-21815 · Same product: Linux Linux Kernel
CVE-2026-31779 · Same product: Linux Linux Kernel
CVE-2026-43051 · Same product: Linux Linux Kernel
CVE-2026-23269 · Same product: Linux Linux Kernel
CVE-2022-49249 · Same product: Linux Linux Kernel
CVE-2026-31568 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.9 — 4.9.318 · 4.10 — 4.14.283 · 4.15 — 4.19.247

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation of user-supplied inputs like fsp->location from ethtool_get_rxnfc() to prevent out-of-bounds reads in the mtk_hwlro_get_fdir_entry() function.

prevent

Requires timely remediation of the kernel flaw through patches that add bounds checking for fsp->location, directly addressing the vulnerability.

prevent

Implements memory protections to restrict unauthorized access to kernel memory regions targeted by out-of-bounds reads from invalid fsp->location values.
