CVE-2022-49226 The advisory has been revoked - it doesn't affect any version of package kernel-cross-headers  (opens in a new tab)


Threat Intelligence

EPSS
0.05% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-KERNELCROSSHEADERS-11561183
  • published9 Aug 2025
  • disclosed26 Feb 2025

Introduced: 26 Feb 2025

CVE-2022-49226  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers package and not the kernel-cross-headers package as distributed by RHEL.

In the Linux kernel, the following vulnerability has been resolved:

net: asix: add proper error handling of usb read errors

Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd() reads less bytes, than was requested by caller.

Since all read requests are performed via asix_read_cmd() let's catch usb related error there and add __must_check notation to be sure all callers actually check return value.

So, this patch adds sanity check inside asix_read_cmd(), that simply checks if bytes read are not less, than was requested and adds missing error handling of asix_read_cmd() all across the driver code.