๐Ÿ” CVE Alert

CVE-2022-49754

HIGH 7.8

Bluetooth: Fix a buffer overflow in mgmt_mesh_add()

CVSS Score: 7.8
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix a buffer overflow in mgmt_mesh_add()

Smatch Warning:
net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy() 'mesh_tx->param' too small (48 vs 50)

Analysis:
'mesh_tx->param' is array of size 48. This is the destination.
    u8 param[sizeof(struct mgmt_cp_mesh_send) + 29]; // 19 + 29 = 48.

But in the caller 'mesh_send' we reject only when len > 50.
    len > (MGMT_MESH_SEND_SIZE + 31) // 19 + 31 = 50.
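The mismatch described above, modeled as an added example in user-space C (not the kernel's code or its patch): the sizes 19, 29 and 31 come from the advisory text, while `struct mesh_tx_model` and all function names are hypothetical. It counts the lengths the caller's check accepts but the 48-byte destination cannot hold, and shows a copy helper whose bound is derived from the destination itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes from the advisory text; the rest is a constructed model. */
#define MESH_SEND_HDR_SIZE 19                     /* sizeof(struct mgmt_cp_mesh_send) */
#define CALLER_MAX_LEN (MESH_SEND_HDR_SIZE + 31)  /* caller rejects only len > 50 */

struct mesh_tx_model {                            /* hypothetical stand-in for mesh_tx */
    uint8_t param[MESH_SEND_HDR_SIZE + 29];       /* 48-byte destination */
};

/* Upper-bound check as the advisory describes it for the caller. */
static int caller_accepts(size_t len)
{
    return len <= CALLER_MAX_LEN;
}

/* Bytes an unchecked memcpy(param, src, len) would write past param. */
static size_t overflow_bytes(size_t len)
{
    size_t cap = sizeof(((struct mesh_tx_model *)0)->param);
    return len > cap ? len - cap : 0;
}

/* Copy helper that bounds on the destination, so the two cannot drift apart. */
static int mesh_param_copy(struct mesh_tx_model *tx, const void *src, size_t len)
{
    if (len > sizeof(tx->param))
        return -1;
    memcpy(tx->param, src, len);
    return 0;
}

/* Number of lengths that pass the caller's check but do not fit. */
static size_t count_unsafe_accepted(void)
{
    size_t n = 0;
    for (size_t len = 0; len <= CALLER_MAX_LEN + 4; len++)
        if (caller_accepts(len) && overflow_bytes(len) > 0)
            n++;
    return n;
}

int main(void)
{
    printf("accepted but too large: %zu lengths\n", count_unsafe_accepted());
    return 0;
}
```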

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Mar 27, 2025
Last Updated May 11, 2026

Affected Versions

Linux / Linux
b338d91703fae6f6afd67f3f75caa3b8f36ddef3 < ed818fd8c531abf561b379995ee7cc4c68029464
b338d91703fae6f6afd67f3f75caa3b8f36ddef3 < 2185e0fdbb2137f22a9dd9fcbf6481400d56299b
Linux / Linux
6.1

References

git.kernel.org: https://git.kernel.org/stable/c/ed818fd8c531abf561b379995ee7cc4c68029464
git.kernel.org: https://git.kernel.org/stable/c/2185e0fdbb2137f22a9dd9fcbf6481400d56299b