CVE-2022-49289

HIGH

Linux Kernel 3.2-5.15.31, 5.16.0-5.16.17, 5.17.0 - Integer Overflow in User Access Validation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not. Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/e65d28d4e9bf90a35ba79c06661a572a38391dec

Patch

https://git.kernel.org/stable/c/99801e2f457824955da4aadaa035913a6dede03a

Patch

https://git.kernel.org/stable/c/a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8

Patch

https://git.kernel.org/stable/c/222ca305c9fd39e5ed8104da25c09b2b79a516a8

Scores

CVSS v3 7.1

EPSS 0.0024

EPSS Percentile 15.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-190

Status published

Products (15)

linux/Kernel 3.2.0 - 5.15.32linux

linux/Kernel 5.16.0 - 5.16.18linux

linux/Kernel 5.17.0 - 5.17.1linux

Linux/Linux < 3.2

Linux/Linux 3.2

Linux/Linux 5.15.32 - 5.15.*

Linux/Linux 5.16.18 - 5.16.*

Linux/Linux 5.17.1 - 5.17.*

Linux/Linux 5.18

Linux/Linux 7567746e1c0d66ac0ef8a9d8816ca694462c7370 - 222ca305c9fd39e5ed8104da25c09b2b79a516a8

... and 5 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026