Buffer Overflow in Linux Kernel Affecting NVMe Command Handling
CVE-2022-49720

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 February 2025

What is CVE-2022-49720?

A vulnerability exists in the Linux kernel's handling of offline queues, specifically in the blk_mq_alloc_request_hctx() function. This flaw can lead to an array index out-of-bounds error, which may occur when certain testing scenarios, such as nvme/004, are executed. Such conditions can cause improper memory access, potentially allowing attackers to exploit this situation and execute arbitrary code or trigger a denial of service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 20e4d813931961fe26d26a1e98b3aba6ec00b130 < 7fa28a7c3d74933a4fc22d341b60927952f31c19

Linux 20e4d813931961fe26d26a1e98b3aba6ec00b130

References

https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341...

https://git.kernel.org/stable/c/b5e65ef044d627effdc259904...

https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c4...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Feb 26, 2025

JSON

Linux

What is CVE-2022-49720?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.