CVE-2022-49186

HIGH

Linux Kernel 5.17-5.17.1 - Out-of-Bounds Array Access in visconti_clk_register_gates()

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-49186. PoCs published by iamdarshana.

AI-analyzed exploit summary This repository contains a working privilege escalation exploit for CVE-2022-49186, targeting a signed-to-unsigned conversion vulnerability in the Visconti clock driver of Linux kernel versions 5.17.0 to 5.17.1. The exploit leverages an array overflow to corrupt adjacent memory structures and escalate privileges to root.

Description

In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconti_clk_register_gates() This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0) condition was always true. This lead to an out of bounds access in visconti_clk_register_gates().

Exploits (1)

nomisec WORKING POC

by iamdarshana · poc

https://github.com/iamdarshana/cve-2022-49186-research

View Code ZIP pw:eip

This repository contains a working privilege escalation exploit for CVE-2022-49186, targeting a signed-to-unsigned conversion vulnerability in the Visconti clock driver of Linux kernel versions 5.17.0 to 5.17.1. The exploit leverages an array overflow to corrupt adjacent memory structures and escalate privileges to root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 5.17.0 - 5.17.1

No auth needed

Prerequisites: Access to the vulnerable device file /dev/visconti_clk · Local user access on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/2723543c1d60278d5aef1c4ad732dbad24b84a81

Patch

https://git.kernel.org/stable/c/c5601e0720ce1a3ad895f94a5838530edde01ed3

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 15.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-129

Status published

Products (8)

linux/Kernel 5.17.0 - 5.17.2linux

Linux/Linux < 5.17

Linux/Linux 5.17

Linux/Linux 5.17.2 - 5.17.*

Linux/Linux 5.18

Linux/Linux b4cbe606dc3674b25cb661e7cd1a1c6ddaaafaaa - 2723543c1d60278d5aef1c4ad732dbad24b84a81

Linux/Linux b4cbe606dc3674b25cb661e7cd1a1c6ddaaafaaa - c5601e0720ce1a3ad895f94a5838530edde01ed3

linux/linux_kernel 5.17 - 5.17.2

Published Feb 26, 2025

Tracked Since Feb 18, 2026