CVE-2022-49122

MEDIUM EPSS 20.5%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
20.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel* <4.9.311
linuxlinux_kernel*≥4.10  –  <4.14.276
linuxlinux_kernel*≥4.15  –  <4.19.238
linuxlinux_kernel*≥4.20  –  <5.4.189
linuxlinux_kernel*≥5.5  –  <5.10.111
linuxlinux_kernel*≥5.11  –  <5.15.34
linuxlinux_kernel*≥5.16  –  <5.16.20
linuxlinux_kernel*≥5.17  –  <5.17.3

References 9

  • git.kernel.org https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4
    Patch