CVE-2022-49147

block: Fix the maximum minor value is blk_alloc_ext_minor()

Description

In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, inclusive. So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor(). This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is '(1 << MINORBITS)'. So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb
https://git.kernel.org/stable/c/0f8cf8f5ccbad25ed6828875b222dbab29d5c272
https://git.kernel.org/stable/c/fbe2cc4525480ddd20c866bb5c0578071e01451a
https://git.kernel.org/stable/c/d1868328dec5ae2cf210111025fcbc71f78dd5ca

Frequently Asked Questions

What is the severity of CVE-2022-49147?
CVE-2022-49147 has not yet been assigned a CVSS score.
How to fix CVE-2022-49147?
To fix CVE-2022-49147, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49147 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49147 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49147?
CVE-2022-49147 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.