CVE-2022-49044

High

Published: 26 February 2025

Modified: 23 September 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49044 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 2.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2022-49044 is a memory corruption vulnerability in the Linux kernel's dm-integrity target. It occurs when the tag_size parameter is configured to be smaller than the digest size, causing dm-integrity to ignore part of the digest beyond tag_size. This misconfiguration leads to an out-of-bounds write in the ic->recalc_tags array during the integrity_recalc->integrity_sector_checksum->crypto_shash_final path, as the loop in integrity_recalc writes a full digest size for the last array member without sufficient padding.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation results in high impacts on confidentiality, integrity, and availability, as indicated by the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). This could enable memory corruption, potentially leading to arbitrary code execution, data tampering, or system denial of service within the kernel context.

Mitigation involves applying the relevant stable kernel patches, available in the following upstream commits: 08c1af8f1c13bbf210f1760132f4df24d0ed46d6, 4d485cf9b609709e45d5113e6e2b1b01254b2fe9, 6a95d91c0b315c965198f6ab7dec7c94129e17e0, 6b4bf97587ef6c1927a78934b700204920655123, and 7f84c937222944c03f4615ca4742df6bed0e5adf. These fixes increase the tags array size to include padding, preventing the out-of-bounds write. Security practitioners should ensure systems using dm-integrity update to kernels incorporating these changes.
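The sizing error and the padding fix described above can be replayed in a user-space C model. This is an added example, not kernel code and not from the original advisory; the function names, the guard region and the sample parameters (8 blocks, 4-byte tags, 32-byte digest) are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0xA5
#define GUARD  64   /* slack after the logical array so the model itself stays in bounds */

/* Logical size of the tags array (hypothetical helper).
 * padded=0: blocks * tag_size, the layout the advisory describes as vulnerable.
 * padded=1: extra room so the last slot can take one full digest. */
static size_t tags_array_size(size_t blocks, size_t tag_size, size_t digest_size, int padded)
{
    size_t size = blocks * tag_size;
    if (padded && digest_size > tag_size)
        size += digest_size - tag_size;
    return size;
}

/* Replays the recalculation loop: a full digest is written for every block, but the
 * cursor only advances by tag_size. Returns the bytes written past the logical end. */
static size_t recalc_overrun(size_t blocks, size_t tag_size, size_t digest_size, int padded)
{
    size_t logical = tags_array_size(blocks, tag_size, digest_size, padded);
    size_t alloc = logical + GUARD;
    unsigned char *buf = malloc(alloc);
    size_t i, clobbered = 0;

    if (!buf || digest_size > GUARD) { free(buf); return (size_t)-1; }
    memset(buf, CANARY, alloc);
    for (i = 0; i < blocks; i++)
        memset(buf + i * tag_size, 0x00, digest_size); /* stand-in for the hash output */
    for (i = logical; i < alloc; i++)                  /* count damaged guard bytes */
        if (buf[i] != CANARY)
            clobbered++;
    free(buf);
    return clobbered;
}

int main(void)
{
    /* Constructed parameters: 8 blocks, 4-byte tags, 32-byte digest. */
    printf("unpadded array: %zu bytes past end\n", recalc_overrun(8, 4, 32, 0));
    printf("padded array:   %zu bytes past end\n", recalc_overrun(8, 4, 32, 1));
    printf("tag == digest:  %zu bytes past end\n", recalc_overrun(8, 32, 32, 0));
    return 0;
}
```

The overrun equals digest size minus tag_size regardless of the block count, which is why a fixed amount of padding at the end of the array is sufficient.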

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

dm integrity: fix memory corruption when tag_size is less than digest size

It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_shash_final.

Fix this corruption by increasing the tags array so that it has enough padding at the end to accommodate the loop in integrity_recalc() being able to write a full digest size for the last member of the tags array.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation · Tactic: Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption (OOB write) in dm-integrity directly enables privilege escalation via arbitrary code execution from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137 · Same product: Linux Linux Kernel
CVE-2026-31772 · Same product: Linux Linux Kernel
CVE-2022-49612 · Same product: Linux Linux Kernel
CVE-2026-23378 · Same product: Linux Linux Kernel
CVE-2026-31494 · Same product: Linux Linux Kernel
CVE-2025-21735 · Same product: Linux Linux Kernel
CVE-2025-21650 · Same product: Linux Linux Kernel
CVE-2024-52319 · Same product: Linux Linux Kernel
CVE-2024-58003 · Same product: Linux Linux Kernel
CVE-2026-23343 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.18 · 4.12 — 4.19.240 · 4.20 — 5.4.190 · 5.5 — 5.10.112

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation through application of stable kernel patches directly eliminates the out-of-bounds write in dm-integrity's recalc_tags array.

prevent

Implementation of memory protection mechanisms such as kernel address space layout randomization and supervisor mode execution prevention mitigates exploitation of the memory corruption vulnerability.

prevent

Establishment of secure configuration settings for dm-integrity ensures tag_size is not set smaller than the digest size, preventing the condition that triggers the out-of-bounds write.
