In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. To fix, we can follow what udpv6 does and subtract the transhdrlen from the max.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*

No data.

References
Link Providers
https://git.kernel.org/stable/c/034246122f5c5e2e2a0b9fe04e24517920e9beb1 cve-icon cve-icon
https://git.kernel.org/stable/c/0e818d433fc2718fe4da044ffca7431812a7e04e cve-icon cve-icon
https://git.kernel.org/stable/c/27a37755ceb401111ded76810359d3adc4b268a1 cve-icon cve-icon
https://git.kernel.org/stable/c/2cf73c7cb6125083408d77f43d0e84d86aed0000 cve-icon cve-icon
https://git.kernel.org/stable/c/2f42389d270f2304c8855b0b63498a5a4d0c053d cve-icon cve-icon
https://git.kernel.org/stable/c/6c4e3486d21173d60925ef52e512cae727b43d30 cve-icon cve-icon
https://git.kernel.org/stable/c/b8879ca1fd7348b4d5db7db86dcb97f60c73d751 cve-icon cve-icon
https://git.kernel.org/stable/c/f638a84afef3dfe10554c51820c16e39a278c915 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49727-a010@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49727 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49727 cve-icon
History

Fri, 07 Mar 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-190
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 26 Feb 2025 13:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 26 Feb 2025 02:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. To fix, we can follow what udpv6 does and subtract the transhdrlen from the max.
Title ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-02-26T02:24:38.672Z

Updated: 2025-02-26T02:24:38.672Z

Reserved: 2025-02-26T02:21:30.448Z

Link: CVE-2022-49727

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2025-02-26T07:01:48.347

Modified: 2025-03-07T20:44:17.993

Link: CVE-2022-49727

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49727 - Bugzilla