CVE-2022-49019

Advisory lineage Upstream: 0 Downstream: 9

Downstream

DEBIAN-CVE-2022-49019 SUSE-SU-2024:3983-1 SUSE-SU-2024:3985-1 SUSE-SU-2024:4082-1 SUSE-SU-2024:4131-1 SUSE-SU-2024:4313-1

Analyzed

Published: 21 Oct 2024, 20:06

Last modified:11 May 2026, 18:51

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Oct 2024, 20:06

Published

Vulnerability first disclosed

11 May 2026, 18:51

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for() loop with priv->rx_bd_v dereference under the check for its validity. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 492caffa8a1a405f661c111acabfe6b8b9645db8, < 910c0264b64ef2dad8887714a7c56c93e39a0ed3 | ≥ 492caffa8a1a405f661c111acabfe6b8b9645db8, < 45752af0247589e6d3dede577415bfe117b4392c | ≥ 492caffa8a1a405f661c111acabfe6b8b9645db8, < 9c584d6d9cfb935dce8fc81a4c26debac0a3049b | ≥ 492caffa8a1a405f661c111acabfe6b8b9645db8, < 80e82f7b440b65cf131dce10f487dc73a7046e6b | ≥ 492caffa8a1a405f661c111acabfe6b8b9645db8, < 9256db4e45e8b497b0e993cc3ed4ad08eb2389b6 | 4.17
linux•linux_kernel
≥ 4.17, < 5.4.226 | ≥ 5.5, < 5.10.158 | ≥ 5.11, < 5.15.82 | ≥ 5.16, < 6.0.12 | 6.1:rc1 | 6.1:rc2 | 6.1:rc3 | 6.1:rc4 | 6.1:rc5 | 6.1:rc6 | 6.1:rc7