CVE-2022-49044
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size. It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, the part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_shash_final. Fix this corruption by increasing the tags array so that it has enough padding at the end to accommodate the loop in integrity_recalc() being able to write a full digest size for the last member of the tags array.
Security Summary
CVE-2022-49044 is a memory corruption vulnerability in the Linux kernel's dm-integrity target. It occurs when the tag_size parameter is configured to be smaller than the digest size, causing dm-integrity to ignore part of the digest beyond tag_size. This misconfiguration leads to an out-of-bounds write in the ic->recalc_tags array during the integrity_recalc->integrity_sector_checksum->crypto_shash_final path, as the loop in integrity_recalc writes a full digest size for the last array member without sufficient padding.
The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8) rates the issue as locally exploitable by a low-privileged user, with low attack complexity and no user interaction required, and with high impact on confidentiality, integrity, and availability. The resulting kernel memory corruption could potentially lead to arbitrary code execution, data tampering, or denial of service within the kernel context.
Mitigation involves applying the relevant stable kernel patches, available in the following upstream commits: 08c1af8f1c13bbf210f1760132f4df24d0ed46d6, 4d485cf9b609709e45d5113e6e2b1b01254b2fe9, 6a95d91c0b315c965198f6ab7dec7c94129e17e0, 6b4bf97587ef6c1927a78934b700204920655123, and 7f84c937222944c03f4615ca4742df6bed0e5adf. These fixes increase the tags array size to include padding, preventing the out-of-bounds write. Security practitioners should ensure systems using dm-integrity update to kernels incorporating these changes.
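The sizing arithmetic behind the bug, as an added illustration that is not kernel code: each tag occupies tag_size bytes in recalc_tags, but the checksum path writes a full digest into every slot, so when tag_size is smaller than the digest the last slot overruns the array by digest_size minus tag_size bytes. Function names and the sample sizes below are hypothetical; the fixed variant models the padding the upstream commits add.

```c
/* Added example (not kernel code): models the dm-integrity recalc_tags sizing bug.
 * Each sector's tag occupies tag_size bytes in recalc_tags, but the checksum
 * routine writes a full digest (digest_size bytes) at each tag slot, so the
 * last slot can overrun the array when tag_size < digest_size.
 * Names and numbers here are hypothetical, chosen to illustrate the arithmetic. */
#include <stddef.h>
#include <stdio.h>

/* Unpatched sizing: exactly n_tags * tag_size bytes, no room for the digest overhang. */
static size_t recalc_tags_bytes_vulnerable(size_t n_tags, size_t tag_size)
{
    return n_tags * tag_size;
}

/* Patched sizing: pad the end so a full digest written into the last slot still fits. */
static size_t recalc_tags_bytes_fixed(size_t n_tags, size_t tag_size, size_t digest_size)
{
    size_t bytes = n_tags * tag_size;
    if (digest_size > tag_size)
        bytes += digest_size - tag_size;
    return bytes;
}

/* Simulates the integrity_recalc() loop: a digest_size-byte write at offset i * tag_size
 * for every tag slot. Returns the largest number of bytes any write would land past
 * buf_len (0 means every write stays in bounds). */
static size_t overrun_bytes(size_t buf_len, size_t n_tags, size_t tag_size, size_t digest_size)
{
    size_t worst = 0;
    for (size_t i = 0; i < n_tags; i++) {
        size_t end = i * tag_size + digest_size; /* crypto_shash_final writes the whole digest */
        if (end > buf_len && end - buf_len > worst)
            worst = end - buf_len;
    }
    return worst;
}

int main(void)
{
    /* Constructed scenario: 8 tags, tag_size 4 bytes, a 32-byte digest (e.g. SHA-256 length). */
    size_t n = 8, tag = 4, digest = 32;
    size_t vuln = recalc_tags_bytes_vulnerable(n, tag);
    size_t fixed = recalc_tags_bytes_fixed(n, tag, digest);
    printf("vulnerable: %zu bytes, overrun %zu bytes\n", vuln, overrun_bytes(vuln, n, tag, digest));
    printf("fixed:      %zu bytes, overrun %zu bytes\n", fixed, overrun_bytes(fixed, n, tag, digest));
    return 0;
}
```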
Details
- CWE(s)