Cyber Resilience

CVE-2022-49278

High

Published: 26 February 2025

Published
26 February 2025
Modified
22 September 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0003 10.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49278 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-49278 is an integer underflow vulnerability in the Linux kernel's remoteproc subsystem. The issue affects the rproc_coredump_write() function, which does not check if the count parameter is zero, potentially leading to an underflow. This flaw, classified under CWE-191, has been addressed by aligning the count check with the implementation in rproc_recovery_write().

According to its CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), the vulnerability can be exploited by a local attacker with low privileges. Exploitation requires low attack complexity and no user interaction, allowing the attacker to achieve high impacts on system integrity and availability, with no confidentiality impact.

Mitigation is provided through kernel patches in the following stable commits: https://git.kernel.org/stable/c/11572dad9fbadbd9269a2550f7e236b5b8c2d80c, https://git.kernel.org/stable/c/34afac3c75fa08d6fabbab4c93f0a90618afaaa6, https://git.kernel.org/stable/c/a8c3e53517985d69040a1b36a269e85f99cf0cea, https://git.kernel.org/stable/c/b97b305656a7013690e7b6e310f0e827e0bbff90, and https://git.kernel.org/stable/c/f89672cc3681952f2d06314981a6b45f8b0045d1. Security practitioners should ensure affected Linux kernel versions are updated with these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fix count check in rproc_coredump_write() Check count for 0, to avoid a potential underflow. Make the check the same as the one in rproc_recovery_write().

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel integer underflow in remoteproc write path enables memory corruption or system instability exploitable by low-privileged users for privilege escalation or targeted DoS.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31656Same product: Linux Linux Kernel
CVE-2026-31417Same product: Linux Linux Kernel
CVE-2026-31662Same product: Linux Linux Kernel
CVE-2026-31419Same product: Linux Linux Kernel
CVE-2025-21883Same product: Linux Linux Kernel
CVE-2022-49196Same product: Linux Linux Kernel
CVE-2021-47640Same product: Linux Linux Kernel
CVE-2025-71091Same product: Linux Linux Kernel
CVE-2026-43056Same product: Linux Linux Kernel
CVE-2026-31506Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.9 — 5.10.110 · 5.11 — 5.15.33 · 5.16 — 5.16.19

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring identification, prioritization, and timely application of kernel patches that fix the integer underflow in rproc_coredump_write().

prevent

Addresses the root cause by enforcing validation of input parameters such as the count value passed to kernel functions to prevent integer underflows.

prevent

Mitigates the vulnerability by ensuring secure error handling for edge cases like zero count values, avoiding underflow and potential system integrity or availability impacts.

References