CVE-2022-49581
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in be_get_module_eeprom be_cmd_read_port_transceiver_data assumes that it is given a buffer that is at least PAGE_DATA_LEN long, or twice that if the module supports SFF 8472. However, this is not always the case. Fix this by passing the desired offset and length to be_cmd_read_port_transceiver_data so that we only copy the bytes once.
Security Summary
CVE-2022-49581 is a buffer overflow vulnerability (CWE-787) in the Linux kernel's be2net driver. The issue arises in the be_get_module_eeprom function, where be_cmd_read_port_transceiver_data assumes the provided buffer is at least PAGE_DATA_LEN bytes long—or twice that length for modules supporting SFF 8472—which is not always the case. This affects systems running vulnerable versions of the Linux kernel with the be2net driver loaded.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation leads to high impacts on confidentiality, integrity, and availability, as indicated by the CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Mitigation is provided through patches in Linux kernel stable releases, available in commits such as 18043da94c02, 665cbe91de2f, 8ff4f9df73e5, a5a8fc0679a8, and a8569f76df7e on git.kernel.org. These fixes modify be_get_module_eeprom to pass the desired offset and length to be_cmd_read_port_transceiver_data, ensuring only the necessary bytes are copied and preventing the overflow.
Details
- CWE(s)