Bug 2347992 (CVE-2022-49614) - CVE-2022-49614 kernel: nvme: use struct group for generic command dwords
Summary: CVE-2022-49614 kernel: nvme: use struct group for generic command dwords
Keywords:
Status: NEW
Alias: CVE-2022-49614
Product: Security Response
Classification: Other
Component: vulnerability-draft
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:13 UTC by OSIDB Bzimport
Modified: 2026-02-02 10:33 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:13:51 UTC 
In the Linux kernel, the following vulnerability has been resolved:

nvme: use struct group for generic command dwords

This will allow the trace event to know the full size of the data
intended to be copied and silence read overflow checks.
Comment 1 Avinash Hanwate 2025-02-26 19:58:58 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49614-b2a0@gregkh/T
Comment 4 Avinash Hanwate 2025-02-27 22:10:14 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49614-b2a0@gregkh/T
Comment 8 TEJ RATHI 2025-05-15 07:29:33 UTC 
This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025030638-REJECTED-6a6a@gregkh/
Note You need to log in before you can comment on or make changes to this bug.