Cyber Resilience

CVE-2022-49251

High

Published: 26 February 2025

Modified: 22 September 2025
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0015 (35.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49251 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 35.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49251 is an out-of-bounds array access vulnerability in the Linux kernel's ASoC (ALSA System on Chip) subsystem, specifically within the va-macro codec driver. The issue arises from accessing enum values through the integer type, which leads to out-of-bounds reads on platforms like aarch64 where the size of a long (8 bytes) exceeds the enum size (4 bytes). This flaw, classified under CWE-125 (Out-of-bounds Read), carries a CVSS v3.1 base score of 7.1.
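The size mismatch described above, as an added example that is not code from the kernel driver or from this page: a simplified userspace model in which `union ctl_value`, `mode_text` and the sample values are constructed assumptions. It reads the same bytes through the long view and the enum view, then does the table lookup with the enum view plus an added bounds check.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a control value union (assumption: trimmed to
 * the two views that matter here, with 4 slots instead of the real size). */
union ctl_value {
    struct { long value[4]; } integer;            /* 8 bytes per slot on aarch64 */
    struct { unsigned int item[4]; } enumerated;  /* 4 bytes per slot */
};

#define N_MODES 3
static const char *const mode_text[N_MODES] = { "OFF", "LOW", "HIGH" }; /* hypothetical table */

/* Mismatched access: an enum control read through the integer (long) view. */
static long read_as_integer(const union ctl_value *v) { return v->integer.value[0]; }

/* Matching access: an enum control read through the enumerated view. */
static unsigned int read_as_enum(const union ctl_value *v) { return v->enumerated.item[0]; }

/* Hardened lookup: matching view plus an explicit bounds check (added here). */
static const char *lookup_mode(const union ctl_value *v)
{
    unsigned int idx = read_as_enum(v);
    return idx < N_MODES ? mode_text[idx] : NULL;
}

/* Constructed sample: item[0] is a valid selection, item[1] is unrelated data. */
static union ctl_value sample(void)
{
    union ctl_value v;
    memset(&v, 0, sizeof(v));
    v.enumerated.item[0] = 1;
    v.enumerated.item[1] = 0x41414141u;
    return v;
}

int main(void)
{
    union ctl_value v = sample();
    printf("integer view: %ld, enum view: %u\n",
           read_as_integer(&v), read_as_enum(&v));
    printf("mode: %s\n", lookup_mode(&v));
    return 0;
}
```

Where `sizeof(long)` is 8, the integer view also covers the bytes of `item[1]`, so the value it returns is not the selection stored in `item[0]` and is unusable as an array index.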

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact confidentiality violations, such as reading sensitive data from out-of-bounds memory, and high-impact availability disruptions, potentially leading to kernel crashes or denial of service, while integrity remains unaffected.

Mitigation involves applying the relevant stable kernel patches, as detailed in the provided commit references: 0ea5eff7c6063a8f124188424f8e4c6727f35051, 4a799972a283ab4ec031041304d7e2d34e1a16eb, 966408e37d84b762d11978b7bfb03fff0c6222ad, and c0099bbf8bc85d30c4cf38220fca3c8d4253fa7f. Security practitioners should update affected Linux kernels to incorporate these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: va-macro: fix accessing array out of bounds for enum type

Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 bytes.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1212 Exploitation for Credential Access (Tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

Local kernel OOB read enables memory disclosure for credential access via sensitive data leakage from kernel space.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71116 - Same product: Linux Linux Kernel
CVE-2022-49368 - Same product: Linux Linux Kernel
CVE-2025-21743 - Same product: Linux Linux Kernel
CVE-2022-49738 - Same product: Linux Linux Kernel
CVE-2026-31774 - Same product: Linux Linux Kernel
CVE-2026-23325 - Same product: Linux Linux Kernel
CVE-2025-21815 - Same product: Linux Linux Kernel
CVE-2022-49518 - Same product: Linux Linux Kernel
CVE-2026-31779 - Same product: Linux Linux Kernel
CVE-2026-43051 - Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.11 — 5.15.33 · 5.16 — 5.16.19 · 5.17 — 5.17.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of the out-of-bounds read flaw in the Linux kernel va-macro driver via patching as specified in the CVE commit fixes.

prevent

Implements memory protections such as ASLR and stack canaries that mitigate the impact of out-of-bounds array reads by local attackers.

detect

Requires vulnerability scanning to identify the presence of CVE-2022-49251 in kernel versions, enabling proactive patching.

References