Cyber Resilience

CVE-2022-49289

High

Published: 26 February 2025

Modified: 22 September 2025
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0011 (29.7th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49289 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 29.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-49289 is an integer overflow vulnerability in the Linux kernel's uaccess subsystem, specifically in the access_ok() function. The issue affects three architectures that check the end of a user access against the address limit without accounting for potential overflows. As a result, passing a negative length or another overflowing value causes the check to return success incorrectly, instead of failing as intended. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

A local attacker with low privileges can exploit this vulnerability; attack complexity is low and no user interaction is required. By crafting inputs that trigger the overflow in access_ok(), the attacker can bypass user space access validations, potentially leading to high-impact confidentiality violations through unauthorized kernel memory disclosure and high-impact availability disruptions such as kernel crashes or denial of service.

Mitigation involves applying kernel patches from the provided stable branch commits, including 222ca305c9fd39e5ed8104da25c09b2b79a516a8, 99801e2f457824955da4aadaa035913a6dede03a, a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8, and e65d28d4e9bf90a35ba79c06661a572a38391dec. These commits implement a corrected access_ok() logic that properly handles overflows, optimizing for constant 'size' arguments with a single comparison in the common case.
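The flawed end-of-range check and the overflow-safe comparison described above, modelled in user space as an added example (this is not the kernel's code or the code from the listed commits). `MODEL_LIMIT`, the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumption for this model: user space ends at a 3 GiB address limit. */
#define MODEL_LIMIT 0xC0000000UL

/* Flawed pattern: the end address is computed first and can wrap past zero. */
static int access_ok_wrapping(unsigned long addr, unsigned long size)
{
    return addr + size <= MODEL_LIMIT;
}

/* Overflow-safe pattern: nothing is added, so nothing can wrap. With a
 * compile-time constant size the first test folds away, leaving one compare. */
static int access_ok_checked(unsigned long addr, unsigned long size)
{
    return size <= MODEL_LIMIT && addr <= MODEL_LIMIT - size;
}

/* Constructed inputs: two valid ranges, one plain overrun, two wrapping cases. */
static const struct { unsigned long addr, size; } cases[] = {
    { 0x1000UL,         64UL },                 /* well inside user space */
    { MODEL_LIMIT - 16, 16UL },                 /* ends exactly at limit  */
    { MODEL_LIMIT - 16, 17UL },                 /* one byte past limit    */
    { 0x1000UL,         (unsigned long)-16L },  /* negative length        */
    { ~0UL - 0xFFFUL,   0x2000UL },             /* end wraps past zero    */
};

/* Number of inputs the flawed check accepts but the safe check rejects. */
static int count_bypasses(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        if (access_ok_wrapping(cases[i].addr, cases[i].size) &&
            !access_ok_checked(cases[i].addr, cases[i].size))
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("addr=%#lx size=%#lx wrapping=%d checked=%d\n",
               cases[i].addr, cases[i].size,
               access_ok_wrapping(cases[i].addr, cases[i].size),
               access_ok_checked(cases[i].addr, cases[i].size));
    printf("bypasses: %d\n", count_bypasses());
    return 0;
}
```

The two checks agree on every range that does not wrap; they differ only on the negative length and the wrapping end address, which is the behaviour the fix removes.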

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

uaccess: fix integer overflow on access_ok()

Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not.

Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

Why these techniques?

Local kernel integer overflow bypasses access_ok() checks, directly enabling exploitation for privilege escalation (T1068) and credential access via kernel memory disclosure (T1212).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31648 · Same product: Linux Linux Kernel
CVE-2026-31633 · Same product: Linux Linux Kernel
CVE-2026-31699 · Same product: Linux Linux Kernel
CVE-2024-51729 · Same product: Linux Linux Kernel
CVE-2023-53000 · Same product: Linux Linux Kernel
CVE-2026-31708 · Same product: Linux Linux Kernel
CVE-2024-57928 · Same product: Linux Linux Kernel
CVE-2026-31649 · Same product: Linux Linux Kernel
CVE-2022-49560 · Same product: Linux Linux Kernel
CVE-2026-31782 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.17 · 3.2 — 5.15.32 · 5.16 — 5.16.18

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely identification, reporting, and patching of the integer overflow flaw in the kernel's access_ok() function.

prevent

Enforces approved authorizations for user-to-kernel access, preventing bypasses caused by the overflow in access_ok() validation.

prevent

Requires validation of boundaries and content of inputs like negative or overflowing lengths passed to access_ok(), blocking the exploitation vector.
