Description

In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') { BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:load_module+0x19b/0x2391 [rebased patch onto modules-next]

INFO

Published Date :

2025-02-26T02:12:56.606Z

Last Modified :

2025-05-04T12:44:49.062Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49444 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49444.

URL Resource
https://git.kernel.org/stable/c/09cb6663618a74fe5572a4931ecbf098832e79ec cve-icon cve-icon
https://git.kernel.org/stable/c/391e982bfa632b8315235d8be9c0a81374c6a19c cve-icon cve-icon
https://git.kernel.org/stable/c/45a76414b6d8b8b39c23fea53b9d20e831ae72a0 cve-icon cve-icon
https://git.kernel.org/stable/c/921630e2e5124a04158129a8f22f4b425e61a858 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2022-49444-ff21@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49444 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49444 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact