CVE-2022-49766

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49766

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49766.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-49766

Downstream

UBUNTU-CVE-2022-49766

Published

2025-05-01T15:15:59Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

netlink: Bounds-check struct nlmsgerr creation

In preparation for FORTIFYSOURCE doing bounds-check on memcpy(), switch from _nlmsgput to nlmsgput(), and explain the bounds check for dealing with the memcpy() across a composite flexible array struct. Avoids this future run-time warning:

memcpy: detected field-spanning write (size 32) of single field "&errmsg->msg" at net/netlink/af_netlink.c:2447 (size 16)

References

https://git.kernel.org/stable/c/710d21fdff9a98d621cd4e64167f3ef8af4e2fd1
https://git.kernel.org/stable/c/aff4eb16f589c3af322a2582044bca365381fcd6

CVE-2022-49766

Affected packages