CVE-2022-49643

MEDIUM

Linux Kernel 5.4-5.4.206 5.5-5.10.131 5.11-5.15.55 5.16-5.18.12 - Integer Overflow in IMA Appraisal Measurement

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77

Patch

https://git.kernel.org/stable/c/831e190175f10652be93b08436cc7bf2e62e4bb6

Patch

https://git.kernel.org/stable/c/c8d5d81940938b5f6c0f495ca9538e7740416f30

Patch

https://git.kernel.org/stable/c/640cea4c2839a821adfbb703b590a5928abe9286

Patch

https://git.kernel.org/stable/c/d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 15.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (18)

linux/Kernel 5.11.0 - 5.15.56linux

linux/Kernel 5.16.0 - 5.18.13linux

linux/Kernel 5.4.0 - 5.4.207linux

linux/Kernel 5.5.0 - 5.10.132linux

Linux/Linux < 5.4

Linux/Linux 39b07096364a42c516415d5f841069e885234e61 - 388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77

Linux/Linux 39b07096364a42c516415d5f841069e885234e61 - 640cea4c2839a821adfbb703b590a5928abe9286

Linux/Linux 39b07096364a42c516415d5f841069e885234e61 - 831e190175f10652be93b08436cc7bf2e62e4bb6

Linux/Linux 39b07096364a42c516415d5f841069e885234e61 - c8d5d81940938b5f6c0f495ca9538e7740416f30

Linux/Linux 39b07096364a42c516415d5f841069e885234e61 - d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999

... and 8 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026