Cyber Resilience

CVE-2022-49145

High

Published: 26 February 2025

Published
26 February 2025
Modified
23 September 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0001 1.4th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49145 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49145 is a vulnerability in the Linux kernel's ACPI CPPC component that results in an out-of-bounds read (CWE-125). The issue arises during parsing of the _CPC return package, where the kernel attempts to access the "Revision" element even if the NumEntries field is less than 2, potentially leading to access of data that is not present.

The vulnerability has a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating it can be exploited by a local attacker with low privileges. Exploitation requires low complexity and no user interaction, allowing the attacker to achieve high-impact confidentiality loss, such as information disclosure, and high-impact availability disruption, such as a kernel crash or denial of service.

Mitigation is provided through kernel patches in stable branches, which avoid the out-of-bounds access by checking if NumEntries is at least 2 before accessing the Revision element. Relevant commits include: https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252, https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b, https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b, https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5, and https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1. Security practitioners should ensure affected Linux kernel versions are updated with these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the…

more

"Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

OOB read enables local kernel memory disclosure (T1005); crash path enables endpoint DoS via system exploitation (T1499).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31464Same product: Linux Linux Kernel
CVE-2025-71201Same product: Linux Linux Kernel
CVE-2022-49623Same product: Linux Linux Kernel
CVE-2026-31513Same product: Linux Linux Kernel
CVE-2026-31614Same product: Linux Linux Kernel
CVE-2025-21789Same product: Linux Linux Kernel
CVE-2025-21741Same product: Linux Linux Kernel
CVE-2024-52332Same product: Linux Linux Kernel
CVE-2026-23235Same product: Linux Linux Kernel
CVE-2022-49518Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.4 — 4.9.311 · 4.10 — 4.14.276 · 4.15 — 4.19.238

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely identification, reporting, and correction of kernel flaws like this out-of-bounds read via patching to prevent exploitation.

detect

Requires vulnerability monitoring and scanning to identify systems running Linux kernel versions affected by CVE-2022-49145.

detect

Ensures receipt and response to security alerts and advisories providing patches for this ACPI CPPC parsing vulnerability.

References