0.0
NA
CVE-2022-49660
CVE-2022-1234: Oracle MySQL SQL Injection Vulnerability
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date :

Feb. 26, 2025, 7:01 a.m.

Last Modified :

Feb. 26, 2025, 1:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2022-49660 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-49660 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-49660 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
    Changed Description In the Linux kernel, the following vulnerability has been resolved: xen/arm: Fix race in RB-tree based P2M accounting During the PV driver life cycle the mappings are added to the RB-tree by set_foreign_p2m_mapping(), which is called from gnttab_map_refs() and are removed by clear_foreign_p2m_mapping() which is called from gnttab_unmap_refs(). As both functions end up calling __set_phys_to_machine_multi() which updates the RB-tree, this function can be called concurrently. There is already a "p2m_lock" to protect against concurrent accesses, but the problem is that the first read of "phys_to_mach.rb_node" in __set_phys_to_machine_multi() is not covered by it, so this might lead to the incorrect mappings update (removing in our case) in RB-tree. In my environment the related issue happens rarely and only when PV net backend is running, the xen_add_phys_to_mach_entry() claims that it cannot add new pfn <-> mfn mapping to the tree since it is already exists which results in a failure when mapping foreign pages. But there might be other bad consequences related to the non-protected root reads such use-after-free, etc. While at it, also fix the similar usage in __pfn_to_mfn(), so initialize "struct rb_node *n" with the "p2m_lock" held in both functions to avoid possible bad consequences. This is CVE-2022-33744 / XSA-406. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org: https://git.kernel.org/stable/c/01b86faa64b1f5aa04c0b3ca2001b0a8474f3006
    Removed Reference kernel.org: https://git.kernel.org/stable/c/274cb74da15ed13292fcec9097f04332eb3eea17
    Removed Reference kernel.org: https://git.kernel.org/stable/c/43c8d33ce353091f15312cb6de3531517d7bba90
    Removed Reference kernel.org: https://git.kernel.org/stable/c/5c03cad51b84fb26ccea7fd99130d8ec47949cfc
    Removed Reference kernel.org: https://git.kernel.org/stable/c/856d1b8e6e826b5087f1ea3fdbabda3557d73599
    Removed Reference kernel.org: https://git.kernel.org/stable/c/9f83c8f6ab14bbf4311b70bf1b7290d131059101
    Removed Reference kernel.org: https://git.kernel.org/stable/c/b75cd218274e01d026dc5240e86fdeb44bbed0c8
    Removed Reference kernel.org: https://git.kernel.org/stable/c/efd9826d4c08abac7e8840757e3e1bfcf2876f70
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: xen/arm: Fix race in RB-tree based P2M accounting During the PV driver life cycle the mappings are added to the RB-tree by set_foreign_p2m_mapping(), which is called from gnttab_map_refs() and are removed by clear_foreign_p2m_mapping() which is called from gnttab_unmap_refs(). As both functions end up calling __set_phys_to_machine_multi() which updates the RB-tree, this function can be called concurrently. There is already a "p2m_lock" to protect against concurrent accesses, but the problem is that the first read of "phys_to_mach.rb_node" in __set_phys_to_machine_multi() is not covered by it, so this might lead to the incorrect mappings update (removing in our case) in RB-tree. In my environment the related issue happens rarely and only when PV net backend is running, the xen_add_phys_to_mach_entry() claims that it cannot add new pfn <-> mfn mapping to the tree since it is already exists which results in a failure when mapping foreign pages. But there might be other bad consequences related to the non-protected root reads such use-after-free, etc. While at it, also fix the similar usage in __pfn_to_mfn(), so initialize "struct rb_node *n" with the "p2m_lock" held in both functions to avoid possible bad consequences. This is CVE-2022-33744 / XSA-406.
    Added Reference https://git.kernel.org/stable/c/01b86faa64b1f5aa04c0b3ca2001b0a8474f3006
    Added Reference https://git.kernel.org/stable/c/274cb74da15ed13292fcec9097f04332eb3eea17
    Added Reference https://git.kernel.org/stable/c/43c8d33ce353091f15312cb6de3531517d7bba90
    Added Reference https://git.kernel.org/stable/c/5c03cad51b84fb26ccea7fd99130d8ec47949cfc
    Added Reference https://git.kernel.org/stable/c/856d1b8e6e826b5087f1ea3fdbabda3557d73599
    Added Reference https://git.kernel.org/stable/c/9f83c8f6ab14bbf4311b70bf1b7290d131059101
    Added Reference https://git.kernel.org/stable/c/b75cd218274e01d026dc5240e86fdeb44bbed0c8
    Added Reference https://git.kernel.org/stable/c/efd9826d4c08abac7e8840757e3e1bfcf2876f70
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-49660 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-49660 weaknesses.

NONE - Vulnerability Scoring System
:
© cvefeed.io
Latest DB Update: Apr. 23, 2025 12:04