In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194 where random system crashes have been observed [0]. The problem occurs when the split header feature is enabled in the stmmac driver. In the bad case, a larger than expected buffer length is received and causes the calculation of the total buffer length to overflow. This results in a very large buffer length that causes the kernel to crash. Why this larger buffer length is received is not clear, however, the feedback from the NVIDIA design team is that the split header feature is not supported for Tegra194. Therefore, disable split header support for Tegra194 to prevent these random crashes from occurring. [0] https://lore.kernel.org/linux-tegra/[email protected]/
Conclusion & alert: CVE-2022-49642 is rated Low Risk (27.3/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.24%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.14% | 0.24% | +0.10% |
| 2 | 2026-04-06 | 0.03% | 0.14% | +0.10% |
| 3 | 2026-03-21 | — | 0.03% | — |
Full EPSS history (5 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2022-49642 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2022-49642 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2022-49642 |
suse
|
medium | — | https://www.suse.com/security/cve/CVE-2022-49642/ |
ubuntu
|
medium | CVE-2022-49642 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, ignored 146, released 135, not-affected 124, needs-triage 1. | https://ubuntu.com/security/CVE-2022-49642 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 5.4, < 5.4.207 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.5, < 5.10.132 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.11, < 5.15.56 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.16, < 5.18.13 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 5.19 | cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 5.19 | cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 5.19 | cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:* |
| linux | linux_kernel | 5.19 | cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:* |
| linux | linux_kernel | 5.19 | cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:* |
| linux | linux_kernel | 5.19 | cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:* |