CVE-2022-49289

In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not. Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/222ca305c9fd39e5ed8104da25c09b2b79a516a8	Patch
https://git.kernel.org/stable/c/99801e2f457824955da4aadaa035913a6dede03a	Patch
https://git.kernel.org/stable/c/a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8	Patch
https://git.kernel.org/stable/c/e65d28d4e9bf90a35ba79c06661a572a38391dec	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:::::::*

History

No history.

Information

Published : 2025-02-26 07:01

Updated : 2025-09-22 19:37

NVD link : CVE-2022-49289

Mitre link : CVE-2022-49289

CVE.ORG link : CVE-2022-49289

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2022-49289", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:05.757", "references": [{"url": "https://git.kernel.org/stable/c/222ca305c9fd39e5ed8104da25c09b2b79a516a8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/99801e2f457824955da4aadaa035913a6dede03a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e65d28d4e9bf90a35ba79c06661a572a38391dec", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuaccess: fix integer overflow on access_ok()\n\nThree architectures check the end of a user access against the\naddress limit without taking a possible overflow into account.\nPassing a negative length or another overflow in here returns\nsuccess when it should not.\n\nUse the most common correct implementation here, which optimizes\nfor a constant 'size' argument, and turns the common case into a\nsingle comparison."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uaccess: fix entire entiret overflow on access_ok() Tres arquitecturas comprueban el final de un acceso de usuario contra el l\u00edmite de direcciones sin tener en cuenta un posible desbordamiento. Pasar una longitud negativa u otro desbordamiento aqu\u00ed devuelve \u00e9xito cuando no deber\u00eda. Utilice la implementaci\u00f3n correcta m\u00e1s com\u00fan aqu\u00ed, que optimiza para un argumento de \"tama\u00f1o\" constante y convierte el caso com\u00fan en una \u00fanica comparaci\u00f3n."}], "lastModified": "2025-09-22T19:37:19.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00480024-DE11-483F-9FC2-2A54FC54891F", "versionEndExcluding": "5.15.32", "versionStartIncluding": "3.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C86410A0-E312-4F41-93E9-929EAFB31757", "versionEndExcluding": "5.16.18", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35799228-BFF6-4426-AD3B-F452EA83320F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}