CVE-2022-49186

7.8 HIGH

📋 TL;DR

A Linux kernel vulnerability in the clk: visconti driver allows local attackers to cause an array overflow by exploiting improper type casting. This affects systems using Toshiba Visconti ARM SoCs with vulnerable kernel versions, potentially leading to kernel crashes or privilege escalation.

💻 Affected Systems

Products:
  • Linux kernel with clk: visconti driver
Versions: Kernel versions before the fix commits (stable kernels before 2723543c1d60278d5aef1c4ad732dbad24b84a81 and c5601e0720ce1a3ad895f94a5838530edde01ed3)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if system uses Toshiba Visconti ARM SoCs (TMPV7708, TMPV7709, etc.) and has the visconti clock controller driver enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.

🟠 Likely Case

Kernel panic leading to denial of service (system crash) when malicious user triggers the overflow.

🟢 If Mitigated

No impact if patched or if system doesn't use Visconti clock controller hardware.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit to crash system or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of driver internals. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 2723543c1d60278d5aef1c4ad732dbad24b84a81 and c5601e0720ce1a3ad895f94a5838530edde01ed3

Vendor Advisory: https://git.kernel.org/stable/c/2723543c1d60278d5aef1c4ad732dbad24b84a81

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify driver is no longer vulnerable.

🔧 Temporary Workarounds

Disable visconti clock controller

linux

Remove or disable the vulnerable driver if not needed

modprobe -r clk_visconti
echo 'blacklist clk_visconti' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable kernels
  • Implement strict privilege separation and limit user capabilities

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the visconti driver is loaded: 'uname -r' and 'lsmod | grep visconti'

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version is later than the fix commits and that the driver functions correctly

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crash/reboot logs
  • Driver initialization failures

Network Indicators:

  • None - local exploit only

SIEM Query:

kernel: ("Oops" OR "general protection fault") AND process:"clk_visconti"
