Cyber Resilience

CVE-2022-49186

High

Published: 26 February 2025

Modified: 01 October 2025
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (15.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49186 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49186 is a vulnerability in the Linux kernel's visconti clock driver, specifically an array overflow in the visconti_clk_register_gates() function. The issue arises because the code used -1 to indicate no reset function, but this value was stored in a u8 type, causing the condition if (clks[i].rs_id >= 0) to always evaluate as true. This results in an out-of-bounds access. The vulnerability is classified under CWE-129 (Improper Validation of Array Index) with a CVSS v3.1 base score of 7.8.
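The failure mode described above, reduced to a user-space C sketch (an added example, not the kernel's code and not the upstream patch). The gate table, NUM_RESETS and the RS_NONE sentinel are constructed for illustration, and the flawed path only counts indices that would fall outside the reset table; it never reads the table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_RESETS 4u     /* constructed reset-table size */
#define RS_NONE    0xFFu  /* hypothetical sentinel: what -1 becomes in a u8 */

struct gate { const char *name; uint8_t rs_id; };  /* u8 field, as on the page */

/* Constructed table: "g2" was written with rs_id = -1, meaning "no reset". */
static const struct gate gates[] = {
    { "g0", 0 }, { "g1", 3 }, { "g2", (uint8_t)-1 }, { "g3", 1 },
};
#define NUM_GATES (sizeof(gates) / sizeof(gates[0]))

/* Flawed check: a u8 promotes to a non-negative int, so "rs_id >= 0" holds
 * for every entry. Returns how many entries would index past the table. */
size_t oob_with_signed_check(const struct gate *g, size_t n)
{
    size_t oob = 0;
    for (size_t i = 0; i < n; i++)
        if (g[i].rs_id >= 0 && g[i].rs_id >= NUM_RESETS)
            oob++;
    return oob;
}

/* Hardened: test a sentinel the field can represent, then bound the index.
 * Returns gates with a usable reset; *rejected counts malformed indices. */
size_t valid_resets(const struct gate *g, size_t n, size_t *rejected)
{
    size_t ok = 0;
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (g[i].rs_id == RS_NONE)
            continue;                 /* no reset line for this gate */
        if (g[i].rs_id >= NUM_RESETS)
            (*rejected)++;            /* out of range: refuse the entry */
        else
            ok++;
    }
    return ok;
}

int main(void)
{
    size_t rejected, ok = valid_resets(gates, NUM_GATES, &rejected);
    printf("flawed: %zu oob; hardened: %zu valid, %zu rejected\n",
           oob_with_signed_check(gates, NUM_GATES), ok, rejected);
    return 0;
}
```

Building with -Wextra (which enables -Wtype-limits on GCC) flags the always-true comparison in the flawed function at compile time.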

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation leads to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged security scope, potentially allowing arbitrary code execution, data corruption, or system crashes through the out-of-bounds memory access.

Mitigation involves applying the relevant Linux kernel patches, as detailed in the commits at https://git.kernel.org/stable/c/2723543c1d60278d5aef1c4ad732dbad24b84a81 and https://git.kernel.org/stable/c/c5601e0720ce1a3ad895f94a5838530edde01ed3, which resolve the improper handling of the reset ID value to prevent the array overflow.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

clk: visconti: prevent array overflow in visconti_clk_register_gates()

This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0) condition was always true. This led to an out of bounds access in visconti_clk_register_gates().

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption (array out-of-bounds) in a device driver directly enables privilege escalation via exploitation of the vulnerability for arbitrary code execution from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2022-49170 · Same product: Linux Linux Kernel
CVE-2026-23354 · Same product: Linux Linux Kernel
CVE-2025-71100 · Same product: Linux Linux Kernel
CVE-2025-21692 · Same product: Linux Linux Kernel
CVE-2022-49720 · Same product: Linux Linux Kernel
CVE-2023-52987 · Same product: Linux Linux Kernel
CVE-2023-53019 · Same product: Linux Linux Kernel
CVE-2022-49478 · Same product: Linux Linux Kernel
CVE-2022-49548 · Same product: Linux Linux Kernel
CVE-2025-71143 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.17 — 5.17.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the specific array overflow flaw in the Linux kernel's visconti clock driver through patching.

prevent

Implements memory protection mechanisms such as ASLR and DEP to mitigate exploitation of the out-of-bounds access leading to code execution or crashes.

detect

Enables vulnerability scanning to identify the presence of CVE-2022-49186 in the Linux kernel for prompt remediation.

References