CVE-2022-49747

Advisory lineage Upstream: 0 Downstream: 3

Downstream

DEBIAN-CVE-2022-49747 RHSA-2025:6966 UBUNTU-CVE-2022-49747

Analyzed

Published: 27 Mar 2025, 16:42

Last modified:11 May 2026, 19:05

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Mar 2025, 16:42

Published

Vulnerability first disclosed

11 May 2026, 19:05

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Fix incorrect offset calculation Effective offset to add to length was being incorrectly calculated, which resulted in iomap->length being set to 0, triggering a WARN_ON in iomap_iter_done(). Fix that, and describe it in comments. This was reported as a crash by syzbot under an issue about a warning encountered in iomap_iter_done(), but unrelated to erofs. C reproducer: https://syzkaller.appspot.com/text?tag=ReproC&x=1037a6b2880000 Kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=e2021a61197ebe02 Dashboard link: https://syzkaller.appspot.com/bug?extid=a8e049cd3abd342936b6

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 8%

Affected Systems

linux•linux
≥ eadcd6b5a1eb39866ab8d8a3e4f2e51bc51a2350, < 2144859229c1e74f52d3ea067338d314a83a8afb | ≥ eadcd6b5a1eb39866ab8d8a3e4f2e51bc51a2350, < 9f31d8c889d9a4e47bfcc6c4537d0c9f89fe582c | ≥ eadcd6b5a1eb39866ab8d8a3e4f2e51bc51a2350, < 6acd87d50998ef0afafc441613aeaf5a8f5c9eff | 5.15
linux•linux_kernel
≥ 5.15, < 5.15.92 | ≥ 5.16, < 6.1.10 | 6.2:rc1 | 6.2:rc2 | 6.2:rc3 | 6.2:rc4