CVE-2022-49710

dm mirror log: round up region bitmap size to BITS_PER_LONG

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses
find_next_zero_bit_le on the allocated region. find_next_zero_bit_le
accesses the bitmap using unsigned long pointers. So, on 64-bit
architectures, it may access 4 bytes beyond the allocated size. Fix this bug by rounding up bitset_size to BITS_PER_LONG. This bug was found by running the lvm2 testsuite with kasan.

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses find_next_zero_bit_le on the allocated region. find_next_zero_bit_le accesses the bitmap using unsigned long pointers. So, on 64-bit architectures, it may access 4 bytes beyond the allocated size. Fix this bug by rounding up bitset_size to BITS_PER_LONG. This bug was found by running the lvm2 testsuite with kasan.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/29121bd0b00ebb9524971a583fea4a2f7afe8041	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ae460312875159285cef5bf3dc654593f404a1ef	2022-06-22
https://git.kernel.org/stable/c/ba751f0d25f07aa21ce9b85372a3792bf7969d13	2022-06-22
https://git.kernel.org/stable/c/0d2209b54f1de0c2f99cab246d4cf2cfe24aaaa9	2022-06-22
https://git.kernel.org/stable/c/9a02f3275acc628c0d956be771405ced79ac36df	2022-06-22
https://git.kernel.org/stable/c/85e123c27d5cbc22cfdc01de1e2ca1d9003a02d0	2022-06-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.4.200 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.4.200"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.10.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.10.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.15.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.15.49"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.18.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.18.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.19"		en		Affected