Cyber Posture

CVE-2022-49289

High

Published: 26 February 2025

Modified: 22 September 2025
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0011 (29.7th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

uaccess: fix integer overflow on access_ok()

Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not.

Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison.

Security Summary

CVE-2022-49289 is an integer overflow vulnerability in the Linux kernel's uaccess subsystem, specifically in the access_ok() function. The issue affects three architectures that check the end of a user access against the address limit without accounting for potential overflows. As a result, passing a negative length or another overflowing value causes the check to return success incorrectly, instead of failing as intended. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

The vulnerability is exploitable by a local attacker with low privileges; attack complexity is low and no user interaction is required. By crafting inputs that trigger the overflow in access_ok(), the attacker can bypass user space access validations, potentially leading to high-impact confidentiality violations through unauthorized kernel memory disclosure and high-impact availability disruptions such as kernel crashes or denial of service.

Mitigation involves applying kernel patches from the provided stable branch commits, including 222ca305c9fd39e5ed8104da25c09b2b79a516a8, 99801e2f457824955da4aadaa035913a6dede03a, a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8, and e65d28d4e9bf90a35ba79c06661a572a38391dec. These commits implement a corrected access_ok() logic that properly handles overflows, optimizing for constant 'size' arguments with a single comparison in the common case.
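
The flawed and the overflow-safe range check described above, modeled in user-space C as an added example (this is not the kernel's code or the patch itself). The 32-bit limit value, the function names and the sample ranges are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit address limit for this model, not a real architecture's value. */
#define MODEL_LIMIT UINT32_C(0xC0000000)

/* Flawed pattern: addr + size can wrap past 2^32 and land below the limit. */
static bool range_ok_flawed(uint32_t addr, uint32_t size)
{
    return (uint32_t)(addr + size) <= MODEL_LIMIT;
}

/* Overflow-safe pattern: no addition, so nothing can wrap. With a constant
 * size the first test folds away and a single comparison remains. */
static bool range_ok_safe(uint32_t addr, uint32_t size)
{
    return size <= MODEL_LIMIT && addr <= MODEL_LIMIT - size;
}

/* Constructed sample ranges. */
static const struct range_case { uint32_t addr, size; const char *note; } cases[] = {
    { 0x00001000u, 0x00000100u,   "ordinary in-range access" },
    { 0xBFFFFFF0u, 0x00000010u,   "ends exactly at the limit" },
    { 0xBFFFFFF0u, 0x00000020u,   "ends past the limit, no wrap" },
    { 0x00001000u, (uint32_t)-16, "negative length seen as unsigned" },
    { 0xFFFFF000u, 0x00002000u,   "address plus size wraps" },
};

/* Count ranges the flawed check accepts although the safe check rejects them. */
static size_t count_wrongly_accepted(void)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (range_ok_flawed(cases[i].addr, cases[i].size) &&
            !range_ok_safe(cases[i].addr, cases[i].size))
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-34s flawed=%d safe=%d\n", cases[i].note,
               range_ok_flawed(cases[i].addr, cases[i].size),
               range_ok_safe(cases[i].addr, cases[i].size));
    printf("wrongly accepted: %zu\n", count_wrongly_accepted());
    return 0;
}
```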

Details

CWE(s)
CWE-190

Affected Products

linux
linux kernel
5.17 · 3.2 — 5.15.32 · 5.16 — 5.16.18
