Cyber Resilience

CVE-2022-49218

High

Published: 26 February 2025

Modified: 01 October 2025
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0001 (1.5th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49218 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). By exploit likelihood (EPSS) it ranks at the 1.5th percentile, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-49218 is an out-of-bounds read vulnerability in the Linux kernel's Direct Rendering Manager (DRM) DisplayPort (DP) helper code, specifically in the drm_dp_get_adjust_request_post_cursor function within drivers/gpu/drm/drm_dp_helper.c. The issue arises because the link_status array, defined as a fixed-size array of 6 bytes (DP_LINK_STATUS_SIZE), is accessed with an index that can reach 10 when handling the Adjust Request Post Cursor2 register, triggering an out-of-bounds read. This was detected during a build with -Warray-bounds warnings. The vulnerability affects Linux kernel versions incorporating the flawed DRM/DP helper code.

Exploitation requires local access to the system with low privileges (AV:L/AC:L/PR:L/UI:N/S:U). A malicious local user could trigger the vulnerable code path during DisplayPort link status handling, potentially leading to high confidentiality impact through unauthorized memory reads (C:H) and high availability impact via denial of service, such as kernel crashes (A:H), with no integrity impact (I:N). The CVSS v3.1 base score is 7.1, and it is associated with CWE-125 (Out-of-bounds Read).

Kernel stable patches address the issue by removing the common helper function drm_dp_get_adjust_request_post_cursor and replacing its sole usage with an open-coded fetch and decode operation, mirroring the approach in drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c. The fixes are available in kernel stable commits at https://git.kernel.org/stable/c/a2151490cc6c57b368d7974ffd447a8b36ade639 and https://git.kernel.org/stable/c/aeaed9a9fe694f8b1462fb81e2d33298c929180b.
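The index arithmetic and the open-coded fetch described above, modelled in user-space C as an added example (not the kernel's code and not the patch itself). The numeric register addresses are the values from the kernel's DisplayPort headers rather than from this page; link_status_get, sample_dpcd_read and the sample data are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DPCD register addresses and buffer size as in the kernel's DP headers. */
#define DP_LANE0_1_STATUS              0x202
#define DP_ADJUST_REQUEST_POST_CURSOR2 0x20c
#define DP_LINK_STATUS_SIZE            6

/* Constructed sample data: a 6-byte link status block and a DPCD image. */
static const uint8_t sample_status[DP_LINK_STATUS_SIZE] = { 0x77, 0x77, 0x01 };
static const uint8_t sample_dpcd[0x300] = { [DP_ADJUST_REQUEST_POST_CURSOR2] = 0xE4 };

/* Offset the removed helper used as its index into link_status[]. */
unsigned int link_status_index(unsigned int reg) { return reg - DP_LANE0_1_STATUS; }

/* Checked lookup: the byte value, or -1 when reg is outside 0x202..0x207. */
int link_status_get(const uint8_t *status, unsigned int reg)
{
    if (reg < DP_LANE0_1_STATUS || link_status_index(reg) >= DP_LINK_STATUS_SIZE)
        return -1;
    return status[link_status_index(reg)];
}

/* Hypothetical stand-in for an AUX read of DPCD registers (not a kernel API). */
int sample_dpcd_read(unsigned int reg, uint8_t *buf, size_t len)
{
    if (reg >= sizeof(sample_dpcd) || len > sizeof(sample_dpcd) - reg)
        return -1;
    memcpy(buf, &sample_dpcd[reg], len);
    return 0;
}

/* Open-coded fetch and decode: read Post Cursor2 into its own byte, then
 * take the 2-bit field for the lane. Returns 0..3, or -1 on error. */
int post_cursor2_for_lane(unsigned int lane)
{
    uint8_t pc2;
    if (lane > 3 || sample_dpcd_read(DP_ADJUST_REQUEST_POST_CURSOR2, &pc2, 1) < 0)
        return -1;
    return (pc2 >> (lane * 2)) & 0x3;
}

int main(void)
{
    printf("old index=%u checked=%d lane2=%d\n", link_status_index(DP_ADJUST_REQUEST_POST_CURSOR2),
           link_status_get(sample_status, DP_ADJUST_REQUEST_POST_CURSOR2), post_cursor2_for_lane(2));
    return 0;
}
```

The computed index of 10 matches the subscript in the compiler diagnostic; the checked lookup rejects it, while the separate one-byte read never touches the 6-byte link status buffer.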

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

drm/dp: Fix OOB read when handling Post Cursor2 register

The link_status array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a -Warray-bounds build:

    drivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor':
    drivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds]
       59 |         return link_status[r - DP_LANE0_1_STATUS];
          |                ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
    drivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status'
      147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE],
          |                                          ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Replace the only user of the helper with an open-coded fetch and decode, similar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1212 Exploitation for Credential Access (Tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

OOB read enables local kernel memory disclosure for credential access (T1212) and system crashes for DoS via exploitation (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2022-49368 (same product: Linux kernel)
CVE-2025-21743 (same product: Linux kernel)
CVE-2022-49738 (same product: Linux kernel)
CVE-2026-31774 (same product: Linux kernel)
CVE-2026-23325 (same product: Linux kernel)
CVE-2025-21815 (same product: Linux kernel)
CVE-2026-31779 (same product: Linux kernel)
CVE-2026-43051 (same product: Linux kernel)
CVE-2026-23269 (same product: Linux kernel)
CVE-2022-49249 (same product: Linux kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 5.5 — 5.17.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mandates obtaining, testing, and installing patches for known flaws like the OOB read in Linux kernel DRM DP helper code, preventing exploitation via kernel stable commits.

Detect: Requires vulnerability scanning and monitoring to identify the presence of CVE-2022-49218 in deployed Linux kernels based on version and patch status.

Prevent: Provides memory protections like KASLR and SMAP that limit the impact of kernel OOB reads by complicating unauthorized memory disclosure or DoS exploitation.
