CVE-2022-49444

HIGH

Linux Kernel 5.4.110-5.4.x - Out-of-bounds Read in Module Loader

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') { BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:load_module+0x19b/0x2391 [rebased patch onto modules-next]

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/09cb6663618a74fe5572a4931ecbf098832e79ec

Patch

https://git.kernel.org/stable/c/921630e2e5124a04158129a8f22f4b425e61a858

Patch

https://git.kernel.org/stable/c/45a76414b6d8b8b39c23fea53b9d20e831ae72a0

Patch

https://git.kernel.org/stable/c/391e982bfa632b8315235d8be9c0a81374c6a19c

Scores

CVSS v3 7.1

EPSS 0.0027

EPSS Percentile 19.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (17)

Linux/Linux < 5.12

Linux/Linux 05d891e76dde3e430c707dae7d85139794eeadbd

Linux/Linux 214aa69cac91a723239118bbbfe77d5654ddff6b

Linux/Linux 5.10.26 - 5.11

Linux/Linux 5.11.3 - 5.12

Linux/Linux 5.12

Linux/Linux 5.15.54 - 5.15.*

Linux/Linux 5.17.14 - 5.17.*

Linux/Linux 5.18.3 - 5.18.*

Linux/Linux 5.19

... and 7 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026