CVE-2022-49444

CVE-2022-49444 is an out-of-bounds read vulnerability in the Linux kernel's module loading subsystem. It occurs when processing ELF modules with a section header string table index (e_shstrndx) where sh_size is set to 0, leading to an invalid access in the check `if (info->secstrings[strhdr->sh_size - 1] != '\0')`. This can trigger a page fault and kernel oops during module loading, as demonstrated by a crafted module loaded via insmod. The issue affects the load_module function and has a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), mapped to CWE-125.

A local attacker with low privileges can exploit this vulnerability by crafting and loading a malicious kernel module. The low attack complexity and lack of user interaction requirement make it straightforward to trigger. Successful exploitation results in high-impact availability disruption through a kernel crash (denial of service via oops) and potential high confidentiality impact by exposing kernel memory contents during the fault.

Mitigation involves applying the upstream kernel patches referenced in the stable repository, such as commits 09cb6663618a74fe5572a4931ecbf098832e79ec, 391e982bfa632b8315235d8be9c0a81374c6a19c, 45a76414b6d8b8b39c23fea53b9d20e831ae72a0, and 921630e2e5124a04158129a8f22f4b425e61a858, which have been rebased onto the modules-next branch to fix the OOB access. Security practitioners should ensure systems run patched kernel versions to prevent module loading from untrusted sources.