CVE-2022-49766
- Source
- https://cve.org/CVERecord?id=CVE-2022-49766
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49766.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49766
- Downstream
- Published
- 2025-05-01T14:09:05.569Z
- Modified
- 2026-04-02T08:27:54.058813Z
- Summary
- netlink: Bounds-check struct nlmsgerr creation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netlink: Bounds-check struct nlmsgerr creation
In preparation for FORTIFY_SOURCE doing bounds-check on memcpy(), switch from __nlmsgput to nlmsgput(), and explain the bounds check for dealing with the memcpy() across a composite flexible array struct. Avoids this future run-time warning:
memcpy: detected field-spanning write (size 32) of single field "&errmsg->msg" at net/netlink/af_netlink.c:2447 (size 16)
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49766.json" }- References
-
- https://git.kernel.org/stable/c/710d21fdff9a98d621cd4e64167f3ef8af4e2fd1
- https://git.kernel.org/stable/c/aff4eb16f589c3af322a2582044bca365381fcd6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49766.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49766
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git