CVE-2022-49852

HIGH EPSS 5.9%
Published May 1, 20251y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published May 1, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥4.15  –  <4.19.267
linuxlinux_kernel*≥4.20  –  <5.4.225
linuxlinux_kernel*≥5.5  –  <5.10.155
linuxlinux_kernel*≥5.11  –  <5.15.79
linuxlinux_kernel*≥5.16  –  <6.0.9
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
    Patch