CVE-2022-49122
Linux Kernel DM IOCTL Spectre v1 Gadget Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.
INFO
Published Date :
Feb. 26, 2025, 7 a.m.
Last Modified :
Feb. 26, 2025, 7 a.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-49122.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-49122 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-49122 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 26, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. Added Reference https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32 Added Reference https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140 Added Reference https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184 Added Reference https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6 Added Reference https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914 Added Reference https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f Added Reference https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d Added Reference https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18 Added Reference https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-49122 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-49122
weaknesses.