DEBIAN-CVE-2022-49066

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-49066

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49066.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-49066

Upstream

CVE-2022-49066

Published

2025-02-26T07:00:43.820Z

Modified

2025-11-20T10:16:12.735339Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen() may be 0. But veth_xmit() calls __devforwardskb(), which expects at least ETH_HLEN byte of linear data (as __devforwardskb2() calls ethtypetrans(), which pulls ETHHLEN bytes unconditionally). Use pskbmaypull() to ensure vethxmit() respects this constraint. kernel BUG at include/linux/skbuff.h:2328! RIP: 0010:ethtypetrans+0xcf/0x140 Call Trace: <IRQ> __devforwardskb2+0xe3/0x160 vethxmit+0x6e/0x250 [veth] devhardstartxmit+0xc7/0x200 __devqueuexmit+0x47f/0x520 ? skbensurewritable+0x85/0xa0 ? skbmplspop+0x98/0x1c0 tcfmirredact+0x442/0x47e [actmirred] tcfactionexec+0x86/0x140 flclassify+0x1d8/0x1e0 [clsflower] ? dmapteclearlevel+0x129/0x1a0 ? dmapteclearlevel+0x129/0x1a0 ? prbfillcurrblock+0x2f/0xc0 ? skbcopybits+0x11a/0x220 __tcfclassify+0x58/0x110 tcfclassify_ingress+0x6b/0x140 __netifreceiveskb_core.constprop.0+0x47d/0xfd0 ? __iommudmaunmap_swiotlb+0x44/0x90 __netifreceiveskb_onecore+0x3d/0xa0 netifreceiveskb+0x116/0x170 beprocessrx+0x22f/0x330 [be2net] bepoll+0x13c/0x370 [be2net] __napipoll+0x2a/0x170 netrx_action+0x22f/0x2f0 __do_softirq+0xca/0x2a8 _irqexitrcu+0xc1/0xe0 commoninterrupt+0x83/0xa0

References

https://security-tracker.debian.org/tracker/CVE-2022-49066

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.113-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49066.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49066.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49066.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49066.json"