
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49790 is a vulnerability discovered in the Linux kernel's iforce driver, caused by an incorrect length check when fetching device IDs. The issue was identified in May 2025 and affects the iforce_init_device() function. The vulnerability was introduced by commit 6ac0aec6b0a6, which allowed callers to supply a data buffer when fetching device IDs (NVD).
The vulnerability stems from an inverted valid-length check when fetching device IDs. The code checks that the valid length is shorter than the number of bytes to read, whereas iforce_get_id_packet() stores the valid length when it returns 0. The correct check is that the valid length is greater than or equal to the number of bytes to read. With the inverted check, an uninitialized value can be used in iforce_init_device(). The vulnerability has been assigned a CVSS v3.1 base score of 5.5, indicating a moderate severity level (Wiz, Red Hat XML).
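The inverted check described above can be reproduced in a small user-space model. This is an added example, not code from the kernel or from the fix commit: get_id_packet(), read_id(), the buffer size, the poison byte and the sample packets are assumptions made for illustration. The buffer is pre-filled with a poison value so that the read of bytes the device never wrote is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SZ   16
#define ID_BYTES 3     /* 1 header byte + 16-bit little-endian ID */
#define POISON   0xAA  /* constructed stand-in for uninitialized stack bytes */

/* Hypothetical model of the ID query: on success returns 0 and stores the
 * number of valid bytes in *len; on failure returns -1 and leaves buf alone. */
static int get_id_packet(const uint8_t *reply, size_t n, uint8_t *buf, size_t *len)
{
    if (!reply || n > BUF_SZ)
        return -1;
    memcpy(buf, reply, n);
    *len = n;
    return 0;
}

/* Returns 1 and stores the ID if the caller's length check accepts the packet.
 * fixed == 0: inverted check (accepts when valid length < bytes to read).
 * fixed != 0: corrected check (accepts when valid length >= bytes to read). */
int read_id(const uint8_t *reply, size_t n, int fixed, uint16_t *id)
{
    uint8_t buf[BUF_SZ];
    size_t len = 0;

    memset(buf, POISON, sizeof(buf)); /* makes the stale read deterministic */
    if (get_id_packet(reply, n, buf, &len) != 0)
        return 0;
    if (fixed ? len < ID_BYTES : len >= ID_BYTES)
        return 0;                     /* packet rejected by the length check */
    *id = (uint16_t)(buf[1] | (buf[2] << 8));
    return 1;
}

int main(void)
{
    const uint8_t truncated[] = { 'M' };             /* constructed: 1 valid byte */
    const uint8_t complete[]  = { 'M', 0x34, 0x12 }; /* constructed: ID 0x1234 */
    uint16_t id = 0;

    if (read_id(truncated, sizeof(truncated), 0, &id))
        printf("inverted check used stale bytes: 0x%04x\n", id);
    if (read_id(complete, sizeof(complete), 1, &id))
        printf("fixed check read ID: 0x%04x\n", id);
    return 0;
}
```

With the inverted check, the truncated reply is accepted and the ID is built from poison bytes, while the complete reply is rejected; the corrected check does the opposite.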
The vulnerability has been rated with a CVSS v3.1 base score of 5.5, indicating moderate severity. The vulnerability requires local access and could potentially lead to high availability impact (Red Hat XML).
The vulnerability has been resolved in the Linux kernel with patches being released for various distributions. Ubuntu has released fixes for versions 22.04 LTS (5.15.0-67.74), 20.04 LTS (5.4.0-144.161), and 18.04 LTS. Several major Linux distributions including Red Hat Enterprise Linux 6, 7, 8, and 9 have been marked as not affected by this vulnerability (Ubuntu, Red Hat XML).
Source: This report was generated using AI