CVE-2022-49728

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 26, 2025
Updated: Mar 7, 2025
CWE ID 190

Summary

CVE-2022-49728 is a vulnerability in the Linux kernel's IPv6 implementation (net/ipv6/ip6_output.c). It is a signed integer overflow (CWE-190) in the function __ip6_append_data: the 'length' parameter was declared as a signed int, and UBSAN (the Undefined Behavior Sanitizer) reported a signed-integer-overflow at net/ipv6/ip6_output.c line 1489 when the accumulated length plus the new length could no longer be represented in that type. The fix changes the type of 'length' to the unsigned size_t, so the addition is no longer performed in a signed 32-bit type. The issue affects Linux kernel versions 5.16.0 and above until the fix is applied. No system-stability or security impact from the overflow was reported. Later revisions of the patch took in review suggestions from Eric Dumazet, Paolo Abeni and Jakub Kicinski, but the final change is the type conversion alone.
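The following is an added illustration of the bug class the summary describes; it is not the kernel's code. It models a length check of the form "accumulated + length > limit" first with int operands, as 'length' was before the fix, and then with size_t operands plus an explicit bound check. The function names, the limit value and the input lengths are constructed for this example and are not taken from the kernel or the UBSAN report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not kernel code. Models a size check of the form
 *     if (accumulated + length > limit) reject;
 * which an append path must perform before adding a fragment.
 * A real budget is derived from the MTU and header sizes; 65535
 * (the IPv6 payload maximum without jumbograms) is a constructed stand-in.
 */
#define EXAMPLE_LIMIT 65535

/* "Before": both operands are int, as 'length' was prior to the fix.
 * __builtin_add_overflow reports whether the signed sum is representable;
 * a plain '+' on these values is undefined behaviour, which is what UBSAN
 * flags as signed-integer-overflow. */
bool int_length_overflows(int accumulated, int length)
{
    int sum;
    return __builtin_add_overflow(accumulated, length, &sum);
}

/* "Before": what the check decides once the sum wraps. The builtin stores
 * the two's-complement wrapped result, so this function is deterministic
 * even though the original plain addition was not. A wrapped sum is
 * negative, so it passes the '> limit' test and the oversized append is
 * accepted. */
bool append_accepted_int(int accumulated, int length, int limit)
{
    int sum;
    (void)__builtin_add_overflow(accumulated, length, &sum);
    return sum <= limit;
}

/* "After": size_t operands, as in the fix. On LP64 the same values fit with
 * room to spare. The subtraction-form bound check cannot overflow for any
 * size_t inputs, which is the guard a reviewer would still ask for even
 * with the wider type. */
bool append_accepted_size_t(size_t accumulated, size_t length, size_t limit)
{
    if (length > limit)
        return false;
    return accumulated <= limit - length;
}

int main(void)
{
    /* Constructed inputs: an accumulator just below INT_MAX plus a small
     * fragment, the shape of input that trips the signed addition. */
    int accumulated = 2147479552;
    int length = 8567;

    printf("int:    overflows=%d accepted=%d\n",
           int_length_overflows(accumulated, length),
           append_accepted_int(accumulated, length, EXAMPLE_LIMIT));
    printf("size_t: accepted=%d\n",
           append_accepted_size_t((size_t)accumulated, (size_t)length,
                                  EXAMPLE_LIMIT));
    return 0;
}
```

With the int version the wrapped sum is negative and the check accepts a buffer that is far over the limit; with the size_t version and the subtraction-form check the same inputs are rejected. Build with gcc or clang (both provide __builtin_add_overflow); compiling the original plain-addition form with -fsanitize=undefined is how this class of report is produced.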

