CVE-2022-49163
Published: 26 February 2025
Summary
CVE-2022-49163 is a high-severity out-of-bounds read (CWE-125) vulnerability in the Linux kernel, with a CVSS v3.1 base score of 7.1 (High). Note that the upstream description shows the bad slot index being used for a write as well as a read; the write is what corrupts the neighbouring field.
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 35.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-49163 is an out-of-bounds array access (CWE-125) in the Linux kernel's media subsystem, specifically the imx-jpeg driver. When JPEG parsing fails before the context has acquired a hardware slot, the context's slot number is still its default, MXC_MAX_SLOTS. That value is one past the end of the slot_data array in struct mxc_jpeg_dev, so the error path that indexes slot_data with it reads and writes the num_domains field that immediately follows the array, corrupting the driver's record of how many power-management domains it attached.
The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) describes a local attacker with low privileges, low attack complexity and no user interaction, i.e. any process allowed to submit a JPEG to the driver. Feeding it a JPEG that fails parsing corrupts num_domains; because the count is then wrong, the driver does not detach its power-management domains when the module is removed (rmmod), and the kernel panics when the module is loaded again (insmod). Two caveats for triage: the corrupting write needs only the low-privilege interaction, but the panic manifests only across an rmmod/insmod cycle, which is itself a privileged operation; and although the vector carries high confidentiality impact (C:H) alongside availability (A:H), the upstream description documents only the corruption and the resulting panic, so the demonstrated outcome is denial of service.
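The mechanism above as an added userspace model, not the kernel driver's own code: a device struct whose slot_data array is directly followed by num_domains, a context whose slot stays at MXC_MAX_SLOTS because parsing failed before a slot was taken, and an error path that releases slot_data[ctx->slot] anyway. The vulnerable variant zeroes num_domains through the out-of-bounds index; the hardened variant checks the index first. Struct and field names follow the upstream description, but the field types, the filler field, the single-slot MXC_MAX_SLOTS value, and the assumption that the corrupting access is a store of used = 0 are all modelling choices rather than the driver's actual lines.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical userspace model of the bug (not the kernel driver's code).
 * It reproduces only the layout property the upstream description relies on:
 * slot_data[MXC_MAX_SLOTS] is immediately followed by num_domains in the
 * device struct, and a context's slot number defaults to MXC_MAX_SLOTS until
 * a slot is actually acquired. Field types are simplified ("used" is an int
 * here so the corrupting store and the later read have the same type).
 */
#define MXC_MAX_SLOTS 1   /* model value: a device with a single hardware slot */

struct slot_data_model {
    int used;             /* 1 while a context owns the slot */
    int cfg_stream_size;  /* filler standing in for the slot's other state */
};

struct mxc_jpeg_dev_model {
    struct slot_data_model slot_data[MXC_MAX_SLOTS];
    int num_domains;      /* PM domains attached at probe; follows slot_data */
};

struct mxc_jpeg_ctx_model {
    struct mxc_jpeg_dev_model *mxc_jpeg;
    unsigned int slot;    /* MXC_MAX_SLOTS means "no slot acquired yet" */
    bool jpeg_parse_error;
};

/* Constructed state: a freshly opened context that was handed a malformed JPEG. */
static void setup_parse_error(struct mxc_jpeg_ctx_model *ctx,
                              struct mxc_jpeg_dev_model *dev)
{
    memset(dev, 0, sizeof(*dev));
    dev->num_domains = 2;          /* two power domains attached at probe */
    ctx->mxc_jpeg = dev;
    ctx->slot = MXC_MAX_SLOTS;     /* default until a slot is acquired */
    ctx->jpeg_parse_error = true;  /* header parsing failed */
}

/* Vulnerable pattern: the parse-error path releases "the slot" although none was acquired. */
__attribute__((noinline))
static void device_run_vulnerable(struct mxc_jpeg_ctx_model *ctx)
{
    struct mxc_jpeg_dev_model *jpeg = ctx->mxc_jpeg;

    if (ctx->jpeg_parse_error) {
        /* ctx->slot == MXC_MAX_SLOTS: this store lands on jpeg->num_domains */
        jpeg->slot_data[ctx->slot].used = 0;
        return;
    }
    /* normal path: program the hardware for ctx->slot (omitted in the model) */
}

/* Hardened pattern: touch slot_data only for a valid, acquired slot index. */
__attribute__((noinline))
static void device_run_fixed(struct mxc_jpeg_ctx_model *ctx)
{
    struct mxc_jpeg_dev_model *jpeg = ctx->mxc_jpeg;

    if (ctx->jpeg_parse_error) {
        if (ctx->slot < MXC_MAX_SLOTS)
            jpeg->slot_data[ctx->slot].used = 0;
        return;
    }
}

/* Run one variant on the constructed state and report num_domains afterwards. */
int num_domains_after(void (*run)(struct mxc_jpeg_ctx_model *))
{
    struct mxc_jpeg_dev_model dev;
    struct mxc_jpeg_ctx_model ctx;

    setup_parse_error(&ctx, &dev);
    run(&ctx);
    return dev.num_domains;
}

int num_domains_after_vulnerable(void) { return num_domains_after(device_run_vulnerable); }
int num_domains_after_fixed(void) { return num_domains_after(device_run_fixed); }

int main(void)
{
    /* probe set num_domains to 2; the vulnerable path clobbers it with 0 */
    printf("vulnerable path: num_domains = %d\n", num_domains_after_vulnerable());
    printf("fixed path:      num_domains = %d\n", num_domains_after_fixed());
    return 0;
}
```

Build with `cc -O2 -Wall` and run. Two points worth noting when you hunt for this class of bug: AddressSanitizer does not flag it, because the overflow stays inside the same struct (no redzone between members), whereas `-fsanitize=bounds` does report the index on `slot_data`; and the corrupted value is only consumed much later, at module removal, which is why the symptom (a panic on the next insmod) sits far from the cause.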
Mitigation is to run a kernel that carries the upstream fix. The Linux stable repository has it as commits 02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747, 20c8b90430c5d6c4a3936eaa7c35aac670581487, 97558d170a1236280407e8d29a7d095d2c2ed554 and e209e6db2e527db6a93b14c2deedf969caca78fc, which fix the slot validation and bounds checking in the driver so the parse-error path no longer indexes slot_data with an unacquired slot. Security practitioners should confirm that affected systems are on kernels that include one of these commits.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-55062
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds. When an error occurs in parsing jpeg, the slot isn't acquired yet, it may be the default value MXC_MAX_SLOTS. If the driver accesses the slot using the incorrect slot number, it will access the array out of bounds. The result is the driver will change num_domains, which follows slot_data in struct mxc_jpeg_dev. Then the driver won't detach the pm domain at rmmod, which will lead to kernel panic when trying to insmod again.
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds read/write in a kernel driver lets a local user corrupt kernel state and trigger a kernel panic, i.e. a denial of service (high availability impact), which is exactly what Application or System Exploitation (T1499.004) covers.
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Mandates timely identification, reporting and patching of the out-of-bounds array access in the imx-jpeg driver, addressing the root cause via the upstream kernel commits.
SI-11 (Error Handling): Requires the JPEG parsing error path to fail safely, so that a context which never acquired a slot does not release or index one, avoiding corruption of the num_domains field.
SI-10 (Information Input Validation): Requires validation of inputs to the imx-jpeg driver, both the JPEG data and the slot index it is processed under, so that malformed input cannot drive the error path into an out-of-bounds access.