CVE-2022-49278
Published: 26 February 2025
Summary
CVE-2022-49278 is a high-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2022-49278 is an integer underflow vulnerability in the Linux kernel's remoteproc subsystem. The issue affects the rproc_coredump_write() function, which does not check if the count parameter is zero, potentially leading to an underflow. This flaw, classified under CWE-191, has been addressed by aligning the count check with the implementation in rproc_recovery_write().
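A user-space model of the count check described above, added here as an illustration; it is not the kernel source or code from this page. The buffer size, the trailing-newline handling, the sample input and all function names are assumptions of the sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF_SIZE 20 /* assumed size of the handler's command buffer */

/* Index of the last byte received, computed with unsigned arithmetic.
 * For count == 0 this wraps to SIZE_MAX instead of going negative. */
static size_t last_byte_index(size_t count)
{
    return count - 1;
}

/* 'Before' shape of the check: only the upper bound is enforced. */
static int count_accepted_before(size_t count)
{
    return count <= CMD_BUF_SIZE;
}

/* 'After' shape of the check: zero-length writes are rejected as well. */
static int count_accepted_after(size_t count)
{
    return count >= 1 && count <= CMD_BUF_SIZE;
}

/* Hardened model of a write handler: validate count, copy the input,
 * then strip one trailing newline. Returns bytes consumed or -EINVAL. */
static long model_write(const char *src, size_t count, char out[CMD_BUF_SIZE + 1])
{
    if (!count_accepted_after(count))
        return -EINVAL;
    memcpy(out, src, count);
    out[count] = '\0';
    if (out[last_byte_index(count)] == '\n') /* index is always < count here */
        out[count - 1] = '\0';
    return (long)count;
}

int main(void)
{
    char out[CMD_BUF_SIZE + 1];
    printf("count=0: before-check accepts=%d, last index=%zu\n",
           count_accepted_before(0), last_byte_index(0));
    printf("count=0: hardened handler returns %ld\n", model_write("", 0, out));
    return 0;
}
```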
According to its CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), the vulnerability can be exploited by a local attacker with low privileges. Exploitation requires low attack complexity and no user interaction, allowing the attacker to achieve high impacts on system integrity and availability, with no confidentiality impact.
Mitigation is provided through kernel patches in the following stable commits:
- https://git.kernel.org/stable/c/11572dad9fbadbd9269a2550f7e236b5b8c2d80c
- https://git.kernel.org/stable/c/34afac3c75fa08d6fabbab4c93f0a90618afaaa6
- https://git.kernel.org/stable/c/a8c3e53517985d69040a1b36a269e85f99cf0cea
- https://git.kernel.org/stable/c/b97b305656a7013690e7b6e310f0e827e0bbff90
- https://git.kernel.org/stable/c/f89672cc3681952f2d06314981a6b45f8b0045d1

Security practitioners should ensure affected Linux kernel versions are updated with these fixes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54948
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fix count check in rproc_coredump_write() Check count for 0, to avoid a potential underflow. Make the check the same as the one in rproc_recovery_write().
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel integer underflow in the remoteproc write path enables memory corruption or system instability, exploitable by low-privileged users for privilege escalation or targeted DoS.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the CVE by requiring identification, prioritization, and timely application of kernel patches that fix the integer underflow in rproc_coredump_write().
Addresses the root cause by enforcing validation of input parameters such as the count value passed to kernel functions to prevent integer underflows.
Mitigates the vulnerability by ensuring secure error handling for edge cases like zero count values, avoiding underflow and potential system integrity or availability impacts.