Cyber Resilience

CVE-2022-49635

High

Published: 26 February 2025

Published
26 February 2025
Modified
23 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 31.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49635 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49635 is a subtraction overflow vulnerability in the Linux kernel's drm/i915/selftests component. The issue arises when hole_end is small enough to trigger subtraction overflow on certain machines, or when addr + 2 * min_alignment overflows during mock tests. Rated at CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-787 (Out-of-bounds Write), it was resolved via a patch cherry-picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2.

A local attacker with low privileges can exploit this vulnerability without user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially allowing out-of-bounds writes that lead to kernel crashes or code execution within the local attacker's scope.

Mitigation involves applying the stable kernel patches referenced in the kernel git repository, such as commit 333991c4e66b3d4b5613315f18016da80344f659 and e8997d2d6b8d764e12489f1af2a1ce1d7384ca2a, which explicitly handle both overflow cases in the selftests calculations.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side (addr + 2 * min_alignment) can overflow in case…

more

of mock tests. This patch should handle both cases. (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel out-of-bounds write vulnerability directly enables exploitation for privilege escalation to achieve code execution or system impact from low-privileged user context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137Same product: Linux Linux Kernel
CVE-2026-31772Same product: Linux Linux Kernel
CVE-2022-49612Same product: Linux Linux Kernel
CVE-2026-23378Same product: Linux Linux Kernel
CVE-2026-31494Same product: Linux Linux Kernel
CVE-2025-21735Same product: Linux Linux Kernel
CVE-2025-21650Same product: Linux Linux Kernel
CVE-2024-52319Same product: Linux Linux Kernel
CVE-2024-58003Same product: Linux Linux Kernel
CVE-2026-23343Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.19 · 4.12 — 5.18.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of known flaws like the subtraction overflow in Linux kernel drm/i915 selftests via patching to prevent exploitation.

prevent

Implements memory protection mechanisms that mitigate out-of-bounds writes resulting from the overflow vulnerability in kernel selftests.

detect

Conducts vulnerability scanning to identify the presence of CVE-2022-49635 in deployed Linux kernel versions for subsequent remediation.

References