VDB

CVE-2022-49289

CVE-2022-49289 PUBLISHED

Reported by Linux · Published February 26, 2025

In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not. Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison.

EPSS 0.12% · 29.7th percentile

Risk Scores

EPSS Score
0.12%
29.7th percentile

Affected Products

VendorProductVersions
LinuxLinux7567746e1c0d66ac0ef8a9d8816ca694462c7370, 7567746e1c0d66ac0ef8a9d8816ca694462c7370, 7567746e1c0d66ac0ef8a9d8816ca694462c7370
LinuxLinux3.2, 0, 5.15.32
LinuxLinux*, 7567746e1c0d66ac0ef8a9d8816ca694462c7370, 7567746e1c0d66ac0ef8a9d8816ca694462c7370
linuxlinux_kernel3.2, 3.2, 3.2

Timeline

  • Feb 26, 2025 CVE Published
  • Feb 27, 2025 EPSS Score
  • Mar 13, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Apr 10, 2025 EPSS Score
  • Apr 24, 2025 EPSS Score
  • May 8, 2025 EPSS Score
  • May 22, 2025 EPSS Score
  • Jun 5, 2025 EPSS Score
  • Jun 20, 2025 EPSS Score
  • Jul 4, 2025 EPSS Score
  • Jul 18, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›