Cyber Resilience

CVE-2022-49581

High

Published: 26 February 2025

Modified: 22 October 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49581 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49581 is a buffer overflow vulnerability (CWE-787) in the Linux kernel's be2net driver. The issue arises in the be_get_module_eeprom function, where be_cmd_read_port_transceiver_data assumes the provided buffer is at least PAGE_DATA_LEN bytes long—or twice that length for modules supporting SFF 8472—which is not always the case. This affects systems running vulnerable versions of the Linux kernel with the be2net driver loaded.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation leads to high impacts on confidentiality, integrity, and availability, as indicated by the CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Mitigation is provided through patches in Linux kernel stable releases, available in commits such as 18043da94c02, 665cbe91de2f, 8ff4f9df73e5, a5a8fc0679a8, and a8569f76df7e on git.kernel.org. These fixes modify be_get_module_eeprom to pass the desired offset and length to be_cmd_read_port_transceiver_data, ensuring only the necessary bytes are copied and preventing the overflow.
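
The copy pattern described above, as an added user-space model (not the kernel's be2net code): it contrasts a whole-page copy with a copy limited to the requested offset and length. PAGE_DATA_LEN is assumed to be 256 here, and fake_resp, read_page_unchecked, read_page_bounded and clobbered_guard_bytes are hypothetical names; the range check in read_page_bounded is this example's own addition.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE_DATA_LEN 256 /* assumed page size for this model */
#define GUARD 0xEE

/* Constructed stand-in for a firmware response holding one module page. */
struct fake_resp { uint8_t page_data[PAGE_DATA_LEN]; };

/* Pre-fix pattern: always copies a whole page, whatever the caller asked for. */
static void read_page_unchecked(const struct fake_resp *r, uint8_t *data)
{
    memcpy(data, r->page_data, PAGE_DATA_LEN);
}

/* Post-fix pattern: the caller passes offset and length, and only those
 * bytes are copied. The range check is this example's own addition. */
static int read_page_bounded(const struct fake_resp *r, uint32_t off,
                             uint32_t len, uint8_t *data)
{
    if (off > PAGE_DATA_LEN || len > PAGE_DATA_LEN - off)
        return -1;
    memcpy(data, r->page_data + off, len);
    return 0;
}

/* Treats the first `len` bytes of an oversized arena as the caller's buffer
 * and counts how many guard bytes beyond it were overwritten. The arena is
 * two pages long, so the unchecked copy stays inside it and is safe to run. */
static size_t clobbered_guard_bytes(int bounded, uint32_t off, uint32_t len)
{
    struct fake_resp r;
    uint8_t arena[2 * PAGE_DATA_LEN];
    size_t i, hit = 0;

    memset(r.page_data, 0xAB, sizeof r.page_data); /* constructed page data */
    memset(arena, GUARD, sizeof arena);
    if (bounded)
        (void)read_page_bounded(&r, off, len, arena);
    else
        read_page_unchecked(&r, arena);
    for (i = len; i < sizeof arena; i++)
        hit += (arena[i] != GUARD);
    return hit;
}
```

For a 16-byte request, the unchecked copy overwrites 240 bytes past the caller's buffer, while the bounded copy overwrites none.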

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

be2net: Fix buffer overflow in be_get_module_eeprom

be_cmd_read_port_transceiver_data assumes that it is given a buffer that is at least PAGE_DATA_LEN long, or twice that if the module supports SFF 8472. However, this is not always the case. Fix this by passing the desired offset and length to be_cmd_read_port_transceiver_data so that we only copy the bytes once.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local kernel buffer overflow in the be2net driver directly enables privilege escalation via memory corruption from a low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137 (same product: Linux kernel)
CVE-2026-31772 (same product: Linux kernel)
CVE-2022-49612 (same product: Linux kernel)
CVE-2026-23378 (same product: Linux kernel)
CVE-2026-31494 (same product: Linux kernel)
CVE-2025-21735 (same product: Linux kernel)
CVE-2025-21650 (same product: Linux kernel)
CVE-2024-52319 (same product: Linux kernel)
CVE-2024-58003 (same product: Linux kernel)
CVE-2026-23343 (same product: Linux kernel)

Affected Assets

linux
linux kernel
5.19 · 3.18 — 4.9.325 · 4.10 — 4.14.290 · 4.15 — 4.19.254

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-2 requires timely flaw remediation through patching, directly addressing CVE-2022-49581 by applying the kernel commits that fix the buffer size assumption in be_get_module_eeprom.

Prevent: SI-10 mandates information input validation, preventing the buffer overflow in be_cmd_read_port_transceiver_data by ensuring buffer lengths are checked before copying data.

Prevent: SI-16 enforces memory protection mechanisms that mitigate exploitation of the buffer overflow in the be2net driver even if the root flaw persists.
