CVE-2022-49643

Severity: MEDIUM (CVSS 3.1: 5.5) · EPSS 15.7%
Published Feb 26, 2025 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix a potential integer overflow in ima_appraise_measurement

When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
15.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 10

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.4 – <5.4.207
linux    linux_kernel   *         ≥5.5 – <5.10.132
linux    linux_kernel   *         ≥5.11 – <5.15.56
linux    linux_kernel   *         ≥5.16 – <5.18.13
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any
linux    linux_kernel   5.19      any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/640cea4c2839a821adfbb703b590a5928abe9286
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/831e190175f10652be93b08436cc7bf2e62e4bb6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c8d5d81940938b5f6c0f495ca9538e7740416f30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/640cea4c2839a821adfbb703b590a5928abe9286
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/831e190175f10652be93b08436cc7bf2e62e4bb6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c8d5d81940938b5f6c0f495ca9538e7740416f30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999
    Patch