{
  "threat_severity" : "Low",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: stmmac: fix dma queue left shift overflow issue",
    "id" : "2347803",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347803"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: stmmac: fix dma queue left shift overflow issue\nWhen queue number is > 4, left shift overflows due to 32 bits\ninteger variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.\nIf CONFIG_UBSAN is enabled, kernel dumps below warning:\n[   10.363842] ==================================================================\n[   10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/\nlinux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12\n[   10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'\n[   10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg\n[   10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021\n[   10.363958] Call Trace:\n[   10.363960]  <TASK>\n[   10.363963]  dump_stack_lvl+0x4a/0x5f\n[   10.363971]  dump_stack+0x10/0x12\n[   10.363974]  ubsan_epilogue+0x9/0x45\n[   10.363976]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n[   10.363979]  ? wake_up_klogd+0x4a/0x50\n[   10.363983]  ? vprintk_emit+0x8f/0x240\n[   10.363986]  dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]\n[   10.364001]  stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]\n[   10.364009]  ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]\n[   10.364020]  stmmac_hw_setup.cold+0xf/0xb14 [stmmac]\n[   10.364030]  ? page_pool_alloc_pages+0x4d/0x70\n[   10.364034]  ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]\n[   10.364042]  stmmac_open+0x39e/0x920 [stmmac]\n[   10.364050]  __dev_open+0xf0/0x1a0\n[   10.364054]  __dev_change_flags+0x188/0x1f0\n[   10.364057]  dev_change_flags+0x26/0x60\n[   10.364059]  do_setlink+0x908/0xc40\n[   10.364062]  ? do_setlink+0xb10/0xc40\n[   10.364064]  ? __nla_validate_parse+0x4c/0x1a0\n[   10.364068]  __rtnl_newlink+0x597/0xa10\n[   10.364072]  ? __nla_reserve+0x41/0x50\n[   10.364074]  ? __kmalloc_node_track_caller+0x1d0/0x4d0\n[   10.364079]  ? pskb_expand_head+0x75/0x310\n[   10.364082]  ? nla_reserve_64bit+0x21/0x40\n[   10.364086]  ? skb_free_head+0x65/0x80\n[   10.364089]  ? security_sock_rcv_skb+0x2c/0x50\n[   10.364094]  ? __cond_resched+0x19/0x30\n[   10.364097]  ? kmem_cache_alloc_trace+0x15a/0x420\n[   10.364100]  rtnl_newlink+0x49/0x70\nThis change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue\nmapping warning.\nBugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49592\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49592\nhttps://lore.kernel.org/linux-cve-announce/2025022610-CVE-2022-49592-f07c@gregkh/T" ],
  "name" : "CVE-2022-49592",
  "csaw" : false
}