Cyber Resilience

CVE-2022-49058

Severity: High
Published: 26 February 2025
Modified: 01 October 2025
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.3rd percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49058 is a high-severity classic buffer overflow (CWE-120) in the Linux kernel (vendor Linux, product Linux Kernel). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 2.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2022-49058 is a potential buffer overflow in the Linux kernel's CIFS (Common Internet File System) implementation during symlink handling. The issue stems from an unchecked 'link_len' value parsed with sscanf(). Because it comes from sscanf(), Smatch marks 'link_len' as untrusted and treats it as able to reach u32max, far larger than the 'link_str' buffer it is copied into (the warning quoted in the fix's commit message points at a similar memcpy in arch/x86/crypto/poly1305_glue.c).

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation leads to high impacts on confidentiality, integrity, and availability (CVSS:3.1 score of 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), potentially enabling arbitrary code execution, data corruption, or system crashes via the buffer overflow (CWE-120).

Mitigation requires updating to patched Linux kernel stable versions via the referenced commits, including https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739, https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186, https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2, https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05, and https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0. These patches add a bounds check to ensure 'link_len' does not exceed the 'link_str' buffer size.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

cifs: potential buffer overflow in handling symlinks

Smatch printed a warning:

arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max)

It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.
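As an added illustration (not code from the kernel or from this page), the pattern the fix addresses: a target length read from file data with sscanf() must be bounded by the capacity of the buffer it is copied into before any copy happens. The "XSym" header format, the 10-byte offset and the 64-byte link_str capacity are constructed for this example; the real on-disk layout and constants are defined in the kernel's CIFS code.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for this example, not the kernel's real constants:
 * a "XSym\n<4-digit length>\n" header followed by the target text. */
#define SYMLINK_LEN_FORMAT  "XSym\n%4u\n"
#define SYMLINK_LINK_OFFSET 10u   /* header bytes before the target */
#define SYMLINK_LINK_MAXLEN 64u   /* capacity of the link_str buffer */

/* Parse the header and copy the target into link_str. Returns the length,
 * -EINVAL for a bad header or an overlong target, -E2BIG for a short file. */
int parse_mf_symlink(const char *buf, size_t buf_len,
                     char link_str[SYMLINK_LINK_MAXLEN + 1])
{
    unsigned int link_len;
    if (buf_len < SYMLINK_LINK_OFFSET)
        return -EINVAL;
    /* link_len is untrusted: sscanf() reads it straight from file data */
    if (sscanf(buf, SYMLINK_LEN_FORMAT, &link_len) != 1)
        return -EINVAL;
    /* The bounds check the CVE-2022-49058 fix adds: without it the
     * memcpy() below runs for a length chosen by whoever wrote the file */
    if (link_len > SYMLINK_LINK_MAXLEN)
        return -EINVAL;
    /* Refuse a header that promises more bytes than are present */
    if (buf_len - SYMLINK_LINK_OFFSET < link_len)
        return -E2BIG;
    memcpy(link_str, buf + SYMLINK_LINK_OFFSET, link_len);
    link_str[link_len] = '\0';
    return (int)link_len;
}

/* Convenience wrapper for NUL-terminated sample files: status code only */
int parse_status(const char *file)
{
    char link_str[SYMLINK_LINK_MAXLEN + 1];
    return parse_mf_symlink(file, strlen(file), link_str);
}
int main(void)
{
    char link_str[SYMLINK_LINK_MAXLEN + 1];
    const char *sample = "XSym\n0011\n/tmp/target";   /* constructed input */
    if (parse_mf_symlink(sample, strlen(sample), link_str) > 0)
        printf("target: %s\n", link_str);
    printf("oversized length rejected: %s\n",
           parse_status("XSym\n9999\n/tmp/target") == -EINVAL ? "yes" : "no");
    return 0;
}
```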

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel buffer overflow in CIFS symlink handling directly enables privilege escalation via arbitrary code execution from low-privileged local access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21780 (same product: Linux Linux Kernel)
CVE-2022-49754 (same product: Linux Linux Kernel)
CVE-2026-31622 (same product: Linux Linux Kernel)
CVE-2026-23111 (same product: Linux Linux Kernel)
CVE-2026-31530 (same product: Linux Linux Kernel)
CVE-2023-52974 (same product: Linux Linux Kernel)
CVE-2026-23275 (same product: Linux Linux Kernel)
CVE-2026-23437 (same product: Linux Linux Kernel)
CVE-2026-43019 (same product: Linux Linux Kernel)
CVE-2026-23158 (same product: Linux Linux Kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 5.18 · 2.6.37 to 4.9.311 · 4.10 to 4.14.276 · 4.15 to 4.19.239

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation (prevent)
Directly addresses the root cause by requiring validation of untrusted inputs like link_len parsed from sscanf() to prevent exceeding the link_str buffer size in CIFS symlink handling.

SI-2 Flaw Remediation (prevent)
Mandates identification, reporting, and correction of flaws like this buffer overflow via kernel patching to the referenced stable commits.

SI-16 Memory Protection (prevent)
Implements memory protections to mitigate exploitation of buffer overflows in kernel code, limiting impacts on confidentiality, integrity, and availability even if validation fails.
