vulnerability
Ubuntu: (CVE-2022-49859): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | May 1, 2025 | May 8, 2025 | Nov 13, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net: lapbether: fix issue of invalid opcode in lapbeth_open()
If lapb_register() failed when lapb device goes to up for the first time,
the NAPI is not disabled. As a result, the invalid opcode issue is
reported when the lapb device goes to up for the second time.
The stack info is as follows:
[ 1958.311422][T11356] kernel BUG at net/core/dev.c:6442!
[ 1958.312206][T11356] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1958.315979][T11356] RIP: 0010:napi_enable+0x16a/0x1f0
[ 1958.332310][T11356] Call Trace:
[ 1958.332817][T11356] <TASK>
[ 1958.336135][T11356] lapbeth_open+0x18/0x90
[ 1958.337446][T11356] __dev_open+0x258/0x490
[ 1958.341672][T11356] __dev_change_flags+0x4d4/0x6a0
[ 1958.345325][T11356] dev_change_flags+0x93/0x160
[ 1958.346027][T11356] devinet_ioctl+0x1276/0x1bf0
[ 1958.346738][T11356] inet_ioctl+0x1c8/0x2d0
[ 1958.349638][T11356] sock_ioctl+0x5d1/0x750
[ 1958.356059][T11356] __x64_sys_ioctl+0x3ec/0x1790
[ 1958.365594][T11356] do_syscall_64+0x35/0x80
[ 1958.366239][T11356] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 1958.377381][T11356] </TASK>
Solutions
References
- CVE-2022-49859
- https://attackerkb.com/topics/CVE-2022-49859
- CWE-787
- URL-https://git.kernel.org/linus/3faf7e14ec0c3462c2d747fa6793b8645d1391df
- URL-https://git.kernel.org/stable/c/3faf7e14ec0c3462c2d747fa6793b8645d1391df
- URL-https://git.kernel.org/stable/c/4689bd3a1b23a1bd917899e63b81bca2ccdfab45
- URL-https://git.kernel.org/stable/c/ed4940050a7ce7fc2ccd51db580ef1ade64290b1
- URL-https://www.cve.org/CVERecord?id=CVE-2022-49859
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.