CVE-2022-49368
Published: 26 February 2025
Summary
CVE-2022-49368 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). It is ranked at the 4.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-49368 is an out-of-bounds read vulnerability in the Linux kernel's mtk_eth_soc Ethernet driver, specifically within the mtk_hwlro_get_fdir_entry() function. The issue arises because the fsp->location variable, sourced from user input via the ethtool_get_rxnfc() interface, is not validated before use, potentially allowing access to memory outside intended bounds. This affects systems running vulnerable versions of the Linux kernel with the MediaTek Ethernet SoC (mtk_eth_soc) driver enabled. The vulnerability is rated with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) and is associated with CWE-125 (Out-of-bounds Read).
A local attacker with low privileges, such as a standard user on the system, can exploit this vulnerability by supplying a crafted fsp->location value through ethtool_get_rxnfc(). Successful exploitation enables high-impact confidentiality violations, such as reading sensitive kernel memory, and high-impact availability disruptions, potentially leading to denial of service via system crashes or instability. No user interaction is required, and the attack complexity is low, making it feasible for local adversaries.
Mitigation involves applying the upstream kernel patches referenced in the stable commit history. Key fixes include commits such as 0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8, 2bd1faedb74dc2a2be3972abcd4239b75a3e7b00, 4cde554c70d7397cfa2e4116bacb4accdfb6fd48, 5ba81f82607ead85fe36f50869fc4f5661359ab8, and 657e7174603f0aab2cdedc64ac81edffd2a87afe, which add validation checks for fsp->location to prevent the out-of-bounds read. Security practitioners should ensure kernels are updated to incorporate these changes, particularly on systems using MediaTek Ethernet hardware.
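The shape of the missing check, as an added C example written for this page (it is not the mtk_eth_soc driver's own code; the identifiers get_fdir_entry, lro_state, hwlro_ip and probe_location and the table contents are hypothetical and constructed). It models a fixed-size per-interface table indexed by a user-chosen location field and shows the bounds check that must run before the table is read:

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified model of a flow-director (LRO) table indexed by a
 * user-supplied "location" field, in the style of the driver code the
 * advisory describes. All identifiers here are hypothetical, not the
 * mtk_eth_soc driver's own. */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define LRO_TABLE_SIZE 4

struct fdir_entry {
    uint32_t location;   /* index chosen by user space (untrusted) */
    uint32_t dst_ip;     /* filled in from the table on success */
};

struct lro_state {
    uint32_t hwlro_ip[LRO_TABLE_SIZE];
};

/* Hardened lookup: reject any location outside the table before indexing.
 * The comparison is unsigned, so a value such as 0xFFFFFFFF is rejected
 * outright instead of becoming a huge index. The unpatched pattern the
 * advisory describes went straight to the table read without this test. */
int get_fdir_entry(const struct lro_state *st, struct fdir_entry *fsp)
{
    if (fsp->location >= ARRAY_SIZE(st->hwlro_ip))
        return -EINVAL;
    fsp->dst_ip = st->hwlro_ip[fsp->location];
    return 0;
}

/* Demo helper: run one lookup against a constructed table. Returns the
 * status code and writes the looked-up IP (0 when rejected) to *ip_out. */
int probe_location(uint32_t location, uint32_t *ip_out)
{
    /* constructed table contents: 10.0.0.1 .. 10.0.0.4 */
    struct lro_state st = { { 0x0A000001u, 0x0A000002u,
                              0x0A000003u, 0x0A000004u } };
    struct fdir_entry fsp = { .location = location, .dst_ip = 0 };
    int rc = get_fdir_entry(&st, &fsp);
    *ip_out = (rc == 0) ? fsp.dst_ip : 0;
    return rc;
}

int main(void)
{
    /* in-range, last valid slot, one past the end, and the unsigned maximum */
    const uint32_t locs[] = { 0, 3, 4, 0xFFFFFFFFu };
    for (size_t i = 0; i < ARRAY_SIZE(locs); i++) {
        uint32_t ip;
        int rc = probe_location(locs[i], &ip);
        printf("location=%u -> rc=%d ip=0x%08x\n",
               (unsigned)locs[i], rc, (unsigned)ip);
    }
    return 0;
}
```

The check compares against the table's own size rather than a separate constant, so the bound cannot drift out of step with the array if the table is resized later; in-range lookups return 0 and every out-of-range location returns -EINVAL without touching the table.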
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54861
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()

The "fsp->location" variable comes from user via ethtool_get_rxnfc(). Check that it is valid to prevent an out of bounds read.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds kernel memory read directly enables credential access via an information leak; crafted input can also trigger crashes, enabling local denial of service through system exploitation.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mandates validation of user-supplied inputs such as fsp->location from ethtool_get_rxnfc() to prevent out-of-bounds reads in the mtk_hwlro_get_fdir_entry() function.
- SI-2 (Flaw Remediation): requires timely remediation of the kernel flaw through patches that add bounds checking for fsp->location, directly addressing the vulnerability.
- Memory protection: implements memory protections that restrict unauthorized access to the kernel memory regions reached by out-of-bounds reads from invalid fsp->location values.