CVE-2022-49044

HIGH EPSS 17.3%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_shash_final. Fix this corruption by increasing the tags array so that it has enough padding at the end to accomodate the loop in integrity_recalc() being able to write a full digest size for the last member of the tags array.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
17.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.12  –  <4.19.240
linuxlinux_kernel*≥4.20  –  <5.4.190
linuxlinux_kernel*≥5.5  –  <5.10.112
linuxlinux_kernel*≥5.11  –  <5.15.35
linuxlinux_kernel*≥5.16  –  <5.17.4
linuxlinux_kernel5.18any
linuxlinux_kernel5.18any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/08c1af8f1c13bbf210f1760132f4df24d0ed46d6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4d485cf9b609709e45d5113e6e2b1b01254b2fe9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6b4bf97587ef6c1927a78934b700204920655123
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f84c937222944c03f4615ca4742df6bed0e5adf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd02b2687d66f0a8e716384de4b9a0671331f1dc
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/08c1af8f1c13bbf210f1760132f4df24d0ed46d6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4d485cf9b609709e45d5113e6e2b1b01254b2fe9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6b4bf97587ef6c1927a78934b700204920655123
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f84c937222944c03f4615ca4742df6bed0e5adf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd02b2687d66f0a8e716384de4b9a0671331f1dc
    Patch