Cyber Posture

CVE-2022-49368

High

Published: 26 February 2025

Modified
01 October 2025
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0004 13.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()

The "fsp->location" variable comes from user via ethtool_get_rxnfc(). Check that it is valid to prevent an out of bounds read.

Security Summary

CVE-2022-49368 is an out-of-bounds read vulnerability in the Linux kernel's mtk_eth_soc Ethernet driver, specifically within the mtk_hwlro_get_fdir_entry() function. The issue arises because the fsp->location variable, sourced from user input via the ethtool_get_rxnfc() interface, is not validated before use, potentially allowing access to memory outside intended bounds. This affects systems running vulnerable versions of the Linux kernel with the MediaTek Ethernet SoC (mtk_eth_soc) driver enabled. The vulnerability is rated with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) and is associated with CWE-125 (Out-of-bounds Read).

A local attacker with low privileges, such as a standard user on the system, can exploit this vulnerability by supplying a crafted fsp->location value through ethtool_get_rxnfc(). Successful exploitation enables high-impact confidentiality violations, such as reading sensitive kernel memory, and high-impact availability disruptions, potentially leading to denial of service via system crashes or instability. No user interaction is required, and the attack complexity is low, making it feasible for local adversaries.

Mitigation involves applying the upstream kernel patches referenced in the stable commit history. Key fixes include commits such as 0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8, 2bd1faedb74dc2a2be3972abcd4239b75a3e7b00, 4cde554c70d7397cfa2e4116bacb4accdfb6fd48, 5ba81f82607ead85fe36f50869fc4f5661359ab8, and 657e7174603f0aab2cdedc64ac81edffd2a87afe, which add validation checks for fsp->location to prevent the out-of-bounds read. Security practitioners should ensure kernels are updated to incorporate these changes, particularly on systems using MediaTek Ethernet hardware.
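The bug class and the shape of the fix described above, as an added userspace model; this is not the kernel driver's code or the upstream patch. The struct names, the field names other than `location`, and the table size are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only. All names and the table size are hypothetical. */
#define MODEL_MAX_ENTRIES 4

struct model_flow_spec {            /* stands in for the request ("fsp") */
    uint32_t location;              /* caller-controlled table index */
    uint32_t ip4dst;                /* output, filled in on success */
};

struct model_mac {
    uint32_t lro_ip[MODEL_MAX_ENTRIES]; /* fixed-size per-device table */
    uint32_t adjacent;                  /* memory an unchecked index can reach */
};

/* Before: the index is used as supplied; location >= MODEL_MAX_ENTRIES reads outside lro_ip. */
static int get_entry_unchecked(const struct model_mac *mac, struct model_flow_spec *fsp)
{
    fsp->ip4dst = mac->lro_ip[fsp->location];
    return 0;
}

/* After: validate first. location is unsigned, so one upper-bound test covers every bad value. */
static int get_entry_checked(const struct model_mac *mac, struct model_flow_spec *fsp)
{
    if (fsp->location >= sizeof(mac->lro_ip) / sizeof(mac->lro_ip[0]))
        return -EINVAL;
    fsp->ip4dst = mac->lro_ip[fsp->location];
    return 0;
}

/* Run the checked lookup on a constructed table and return its status code. */
static int probe_checked(uint32_t location)
{
    struct model_mac mac = { {10, 20, 30, 40}, 0xdeadbeef };
    struct model_flow_spec fsp = { location, 0 };
    return get_entry_checked(&mac, &fsp);
}

int main(void)
{
    uint32_t probes[] = { 0, MODEL_MAX_ENTRIES - 1, MODEL_MAX_ENTRIES, UINT32_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("location=%u -> %d\n", (unsigned)probes[i], probe_checked(probes[i]));
    return 0;
}
```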

Details

CWE(s)
CWE-125

Affected Products

linux
linux kernel
4.9 — 4.9.318 · 4.10 — 4.14.283 · 4.15 — 4.19.247
