Cyber Resilience

CVE-2022-49249

High

Published: 26 February 2025

Modified: 22 September 2025
KEV Added
Patch
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0002 (7.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49249 is a high-severity out-of-bounds read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 7.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2022-49249 is an out-of-bounds array access vulnerability (CWE-125) in the Linux kernel's ASoC (ALSA System on Chip) subsystem, specifically the wc938x codec driver. The issue arises from accessing enums using integer indices, which leads to out-of-bounds reads on platforms like aarch64 where the size of a long (8 bytes) exceeds the enum size (4 bytes). This flaw has a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high impact on confidentiality and availability with no integrity impact.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows reading sensitive data from out-of-bounds memory (high confidentiality impact) and potentially causing denial of service through application crashes or kernel instability (high availability impact), while the scope remains unchanged.

Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references: adafea71b49ec4dbc44e0b84ec6eb602004a7a08, cc587b7c8fbbe128f6bd0dad025a0caea5e6d164, d09aee1b1da196be11ed86dd4897f228f2487613, and f03c0c94186d5876857132d97e28f20cdc100bdc. These commits fix the issue by replacing integer accesses with proper enumerated items.
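The width mismatch described above, as an added example that is not taken from the kernel source or from this advisory: the union is a reduced, constructed model of a control value with a long-typed integer view and an unsigned int enumerated view. `TX_MODE_COUNT`, the mode labels and all function names are hypothetical.

```c
/* Constructed model of a control value union; array sizes reduced for clarity. */
#include <stdio.h>

#define TX_MODE_COUNT 4 /* hypothetical number of valid enum choices */

/* The same storage viewed as long[] (integer controls) or unsigned int[] (enum controls). */
union ctl_value {
    long integer_value[4];
    unsigned int enumerated_item[4];
};

static const char *const tx_mode_names[TX_MODE_COUNT] = {
    "MODE_A", "MODE_B", "MODE_C", "MODE_D" /* hypothetical labels */
};

/* Pre-fix pattern: an enum control read through the long-typed view (8 bytes on aarch64). */
static unsigned long read_as_integer(const union ctl_value *v)
{
    return (unsigned long)v->integer_value[0];
}

/* Post-fix pattern: read through the enumerated view, which is 4 bytes wide. */
static unsigned int read_as_enum(const union ctl_value *v)
{
    return v->enumerated_item[0];
}

/* Defensive lookup: refuse any index outside the table instead of reading past it. */
static const char *lookup_mode(unsigned long idx)
{
    return idx < TX_MODE_COUNT ? tx_mode_names[idx] : NULL;
}

/* Constructed input: item 2 is selected; the adjacent 4-byte slot holds unrelated data. */
static void fill_sample(union ctl_value *v)
{
    *v = (union ctl_value){ .integer_value = { 0 } };
    v->enumerated_item[0] = 2;
    v->enumerated_item[1] = 7;
}

int main(void)
{
    union ctl_value v;
    fill_sample(&v);
    printf("sizeof(long)=%zu enum=%u integer=%lu integer_in_range=%d\n", sizeof(long),
           read_as_enum(&v), read_as_integer(&v), lookup_mode(read_as_integer(&v)) != NULL);
    return 0;
}
```

Where `sizeof(long)` is 8, the integer view folds the neighbouring slot into the value, so it no longer matches the selected item and only the bounds check keeps it from indexing past the table.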

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wc938x: fix accessing array out of bounds for enum type

Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 bytes.

Fix this by using enumerated items instead of integers.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1212 Exploitation for Credential Access (Tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

OOB read enables local credential/memory data access (T1212); kernel instability enables targeted DoS via exploitation (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2022-49368 · Same product: Linux Linux Kernel
CVE-2025-21743 · Same product: Linux Linux Kernel
CVE-2022-49738 · Same product: Linux Linux Kernel
CVE-2026-31774 · Same product: Linux Linux Kernel
CVE-2026-23325 · Same product: Linux Linux Kernel
CVE-2025-21815 · Same product: Linux Linux Kernel
CVE-2026-31779 · Same product: Linux Linux Kernel
CVE-2026-43051 · Same product: Linux Linux Kernel
CVE-2026-23269 · Same product: Linux Linux Kernel
CVE-2026-31568 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.14 — 5.15.33 · 5.16 — 5.16.19 · 5.17 — 5.17.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of kernel flaws like this out-of-bounds array access via patching the identified commits.

prevent

Provides memory protections such as ASLR and non-executable stacks that mitigate exploitation of out-of-bounds reads and crashes in kernel drivers.

prevent

Restricts unnecessary kernel functionality, such as disabling the wc938x codec driver module if not required, reducing attack surface for local low-privilege exploits.

References