CVE-2022-49790

Published: May 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read.

Vendor	Product	Versions
Linux	Linux	affected `6ac0aec6b0a651d64eef759fddf17d9145b51033 - < 5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3` affected `6ac0aec6b0a651d64eef759fddf17d9145b51033 - < 24cc679abbf31477d0cc6106ec83c2fbae6b3cdf` affected `6ac0aec6b0a651d64eef759fddf17d9145b51033 - < fdd57c20d4408cac3c3c535c120d244e083406c9` affected `6ac0aec6b0a651d64eef759fddf17d9145b51033 - < 6365569d62a75ddf53fb0c2936c16587a365984c` affected `6ac0aec6b0a651d64eef759fddf17d9145b51033 - < b8ebf250997c5fb253582f42bfe98673801ebebd`
Linux	Linux	affected `5.3` unaffected `0 - < 5.3` unaffected `5.4.225 - <= 5.4.` unaffected `5.10.156 - <= 5.10.` unaffected `5.15.80 - <= 5.15.*` +2 more versions

References

https://git.kernel.org/stable/c/5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3

https://git.kernel.org/stable/c/24cc679abbf31477d0cc6106ec83c2fbae6b3cdf

https://git.kernel.org/stable/c/fdd57c20d4408cac3c3c535c120d244e083406c9

https://git.kernel.org/stable/c/6365569d62a75ddf53fb0c2936c16587a365984c

https://git.kernel.org/stable/c/b8ebf250997c5fb253582f42bfe98673801ebebd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49790

Description

Affected Products

References