CVE-2022-49820

UNKNOWN 0.0

mctp i2c: don't count unused / invalid keys for flow release

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: don't count unused / invalid keys for flow release We're currently hitting the WARN_ON in mctp_i2c_flow_release: if (midev->release_count > midev->i2c_lock_count) { WARN_ONCE(1, "release count overflow"); This may be hit if we expire a flow before sending the first packet it contains - as we will not be pairing the increment of release_count (performed on flow release) with the i2c lock operation (only performed on actual TX). To fix this, only release a flow if we've encountered it previously (ie, dev_flow_state does not indicate NEW), as we will mark the flow as ACTIVE at the same time as accounting for the i2c lock operation. We also need to add an INVALID flow state, to indicate when we've done the release.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 1, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

f5b8abf9fc3dacd7529d363e26fe8230935d65f8 < a5915a9a3ab4067ef8996a57738d156eabeb3a12 f5b8abf9fc3dacd7529d363e26fe8230935d65f8 < 9cbd48d5fa14e4c65f8580de16686077f7cea02b

Linux / Linux

5.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/a5915a9a3ab4067ef8996a57738d156eabeb3a12 git.kernel.org: https://git.kernel.org/stable/c/9cbd48d5fa14e4c65f8580de16686077f7cea02b