CVE-2022-49395
Linux Kernel Um LDT Setup Stack Out-of-Bounds Read Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved:

um: Fix out-of-bounds read in LDT setup

syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes.

==================================================================
BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0
Read of size 128 at addr 000000006411f6f0 by task swapper/1

CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18
Call Trace:
 show_stack.cold+0x166/0x2a7
 __dump_stack+0x3a/0x43
 dump_stack_lvl+0x1f/0x27
 print_report.cold+0xdb/0xf81
 kasan_report+0x119/0x1f0
 kasan_check_range+0x3a3/0x440
 memcpy+0x52/0x140
 syscall_stub_data+0x70/0xe0
 write_ldt_entry+0xac/0x190
 init_new_ldt+0x515/0x960
 init_new_context+0x2c4/0x4d0
 mm_init.constprop.0+0x5ed/0x760
 mm_alloc+0x118/0x170
 0x60033f48
 do_one_initcall+0x1d7/0x860
 0x60003e7b
 kernel_init+0x6e/0x3d4
 new_thread_handler+0x1e7/0x2c0

The buggy address belongs to stack of task swapper/1 and is located at offset 64 in frame:
 init_new_ldt+0x0/0x960

This frame has 2 objects:
 [32, 40) 'addr'
 [64, 80) 'desc'
==================================================================
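The unit mismatch behind this report, as an added model that is not the kernel's code: the 16-byte 'desc' object at frame offset [64, 80) is passed as a count of longs, so on a 64-bit build the stub copies 16 * 8 = 128 bytes, matching "Read of size 128", while dividing by sizeof(long) first (the conversion the commit text implies; assumed here as the shape of the fix) keeps the read inside the object. Frame offsets are taken from the report; stub_data_copy, write_ldt_entry_buggy and write_ldt_entry_fixed are hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Frame layout taken from the KASAN report: 'desc' occupies [64, 80). */
#define FRAME_SIZE 80
#define DESC_OFF   64
#define DESC_SIZE  16   /* one LDT descriptor; two longs on a 64-bit build */

struct copy_result {
    size_t bytes_read;        /* data_count * sizeof(long) */
    int    out_of_bounds;     /* 1 if the read leaves the 'desc' object */
    size_t first_bad_offset;  /* frame offset of the first byte past 'desc' */
};

/* Stand-in for syscall_stub_data()'s contract (not the kernel function):
 * data_count is a number of longs, so the copy spans data_count * sizeof(long)
 * bytes. The read is checked against the object it was handed, as KASAN does
 * for stack objects, and clamped to the frame so the model itself stays safe. */
static struct copy_result stub_data_copy(const unsigned char *frame, size_t obj_off,
                                         size_t obj_size, size_t data_count)
{
    struct copy_result r = { data_count * sizeof(long), 0, 0 };
    unsigned char sink[FRAME_SIZE];
    size_t n = r.bytes_read;

    if (n > obj_size) {
        r.out_of_bounds = 1;
        r.first_bad_offset = obj_off + obj_size;
    }
    if (obj_off + n > FRAME_SIZE)
        n = FRAME_SIZE - obj_off;
    memcpy(sink, frame + obj_off, n);
    return r;
}

/* Buggy caller: hands over sizeof(desc), a byte count, as if it were longs. */
static struct copy_result write_ldt_entry_buggy(void)
{
    unsigned char frame[FRAME_SIZE] = { 0 };   /* constructed stack frame */
    return stub_data_copy(frame, DESC_OFF, DESC_SIZE, DESC_SIZE);
}

/* Fixed caller: converts the byte size to a count of longs first. */
static struct copy_result write_ldt_entry_fixed(void)
{
    unsigned char frame[FRAME_SIZE] = { 0 };   /* constructed stack frame */
    return stub_data_copy(frame, DESC_OFF, DESC_SIZE, DESC_SIZE / sizeof(long));
}
```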
INFO
Published Date: Feb. 26, 2025, 7:01 a.m.
Last Modified: April 17, 2025, 8:48 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 5.2
Exploitability Score: 1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-49395.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2022-49395 vulnerability anywhere in the article.
The following table lists the changes that have been made to the CVE-2022-49395 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Initial Analysis by [email protected], Apr. 17, 2025
  Added CVSS V3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  Added CWE: CWE-125
  Added CPE Configuration (OR):
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.198
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.121
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.46
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.17.14
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18 up to (excluding) 5.18.3
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.283
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.15 up to (excluding) 4.9.318
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.247
  Added References (kernel.org, Type: Patch):
    https://git.kernel.org/stable/c/10995a382271254bd276627ec74136da4a23c4a6
    https://git.kernel.org/stable/c/24ca648bf5f72ed8878cf09b5d4431935779681e
    https://git.kernel.org/stable/c/2a4a62a14be1947fa945c5c11ebf67326381a568
    https://git.kernel.org/stable/c/3549ab4b962cf619e8c55484a0d870a34b3f845f
    https://git.kernel.org/stable/c/668ca34a428d6ffc0f99a1a6a9b661a288d4183b
    https://git.kernel.org/stable/c/91e5ba2af2d729d5126aefd5aa3eadc69b8426e5
    https://git.kernel.org/stable/c/9caad70819aef3431abaf73ba5163b55b161aba0
    https://git.kernel.org/stable/c/cf0dabc37446c5ee538ae7b4c467ab0e53fa5463
    https://git.kernel.org/stable/c/ef1dc929a1e5fa1b2d842256db9fb8710d3be910
- New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, Feb. 26, 2025
  Added Description: "In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup ..." (full text, including the KASAN report, as given in the Description section above)
  Added References: the nine kernel.org stable commit URLs listed under the Initial Analysis entry above
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-49395 is associated with the following CWEs:
CWE-125 (Out-of-bounds Read)
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-49395 weaknesses.