CVE-2022-49710

dm mirror log: round up region bitmap size to BITS_PER_LONG

Description

In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses find_next_zero_bit_le on the allocated region. find_next_zero_bit_le accesses the bitmap using unsigned long pointers. So, on 64-bit architectures, it may access 4 bytes beyond the allocated size. Fix this bug by rounding up bitset_size to BITS_PER_LONG. This bug was found by running the lvm2 testsuite with kasan.

N/A
CVSS
Severity:
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ae460312875159285cef5bf3dc654593f404a1ef
https://git.kernel.org/stable/c/ba751f0d25f07aa21ce9b85372a3792bf7969d13
https://git.kernel.org/stable/c/0d2209b54f1de0c2f99cab246d4cf2cfe24aaaa9
https://git.kernel.org/stable/c/9a02f3275acc628c0d956be771405ced79ac36df
https://git.kernel.org/stable/c/85e123c27d5cbc22cfdc01de1e2ca1d9003a02d0

Frequently Asked Questions

What is the severity of CVE-2022-49710?
CVE-2022-49710 has not yet been assigned a CVSS score.
How to fix CVE-2022-49710?
To fix CVE-2022-49710, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49710 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49710 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49710?
CVE-2022-49710 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.