CVE-2022-49289

7.1 HIGH

📋 TL;DR

CVE-2022-49289 is an integer-overflow flaw in the Linux kernel's access_ok() user-pointer range check. On three architectures the arch-specific implementation compared the end of the requested range (addr + size) against the user address limit without checking whether that addition had wrapped, so a negative length, or any pointer/length pair whose sum overflows, passed validation when it should have been rejected. A syscall that forwards attacker-controlled pointers and lengths to access_ok() can therefore reach the uaccess copy routines with a range that is not user memory, with information disclosure, kernel memory corruption or a crash as the possible outcomes. Only kernels built for the affected architectures are vulnerable; most other architectures already used an overflow-safe check, and the fix switches the three to that form.
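The check in question, as an added example that is not the kernel's own code: a user-space model of the overflowing access_ok() pattern beside the overflow-safe form the fix adopts, run over a handful of constructed pointer/length pairs. USER_LIMIT (standing in for TASK_SIZE), the 64-bit fixed-width types, the probe addresses and the probe names are assumptions for illustration, not values from any real architecture.

```c
/*
 * Added example, not kernel source: a user-space model of the access_ok()
 * integer overflow (CVE-2022-49289) beside the overflow-safe check the fix
 * switches to. Assumptions: USER_LIMIT stands in for TASK_SIZE (a made-up
 * 47-bit user address space), addresses are modelled as uint64_t (the kernel
 * uses unsigned long), and the buggy check is the generic
 * "addr + size <= limit" pattern the fix commit describes, not the verbatim
 * code of any one architecture.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First address above user space; plays the role of TASK_SIZE (assumed value). */
#define USER_LIMIT UINT64_C(0x0000800000000000)

/*
 * Vulnerable pattern. The end of the range is computed first, so if
 * addr + size wraps past 2^64 the "end" can land inside user space even
 * though addr is a kernel address or size is effectively negative.
 */
static bool vuln_access_ok(uint64_t addr, uint64_t size)
{
	return addr + size <= USER_LIMIT;
}

/*
 * Overflow-safe pattern (the x86-style check the fix commit adopts). A wrapped
 * sum is always smaller than the size that was added, so the wrap is caught
 * before the limit comparison. The kernel adds a __builtin_constant_p(size)
 * fast path for sizeof()-style constants; it is omitted here.
 */
static bool fixed_access_ok(uint64_t addr, uint64_t size)
{
	uint64_t end = addr + size;

	if (end < size)		/* addition wrapped around */
		return false;
	return end <= USER_LIMIT;
}

/* Constructed probes: ordinary calls first, then the two overflow cases. */
struct probe {
	const char *name;
	uint64_t addr;
	uint64_t size;
};

static const struct probe probes[] = {
	{ "user buffer",                   UINT64_C(0x00007f0000001000), 4096 },
	{ "buffer ending at the limit",    USER_LIMIT - 4096,            4096 },
	{ "buffer one byte past limit",    USER_LIMIT - 4095,            4096 },
	{ "kernel address, small size",    UINT64_C(0xffffffff81000000), 16 },
	{ "kernel address, wrapping size", UINT64_C(0xffffffff81000000), UINT64_C(0x100000000) },
	{ "user address, negative size",   UINT64_C(0x00007f0000001000), UINT64_MAX },
};

/* Number of probes on which the two checks disagree (the buggy one says OK). */
static int count_divergent(void)
{
	int n = 0;

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		if (vuln_access_ok(probes[i].addr, probes[i].size) !=
		    fixed_access_ok(probes[i].addr, probes[i].size))
			n++;
	return n;
}

int main(void)
{
	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
		const struct probe *p = &probes[i];

		printf("%-30s addr=0x%016" PRIx64 " size=0x%" PRIx64 "  buggy=%s  fixed=%s\n",
		       p->name, p->addr, p->size,
		       vuln_access_ok(p->addr, p->size) ? "OK    " : "EFAULT",
		       fixed_access_ok(p->addr, p->size) ? "OK    " : "EFAULT");
	}
	printf("checks disagree on %d of %zu probes\n",
	       count_divergent(), sizeof(probes) / sizeof(probes[0]));
	return 0;
}
```

The two probes that differ are the ones the fix commit describes: a kernel address whose sum with a large length wraps back into user space, and an ordinary user address with a "negative" length. Both the buggy and the corrected check agree on every well-formed range, including the one that ends exactly at the limit, which is why the fix costs nothing on the common path.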

💻 Affected Systems

Products:
  • Linux Kernel
Versions: The CVE record does not enumerate vulnerable versions. Treat any kernel for an affected architecture that does not contain the fix commit (or its stable backport for that series) as vulnerable; the commits are listed under Fix & Mitigation below.
Operating Systems: Any Linux distribution shipping a vulnerable kernel for one of the affected architectures
Default Config Vulnerable: ⚠️ Yes (the check is compiled into the kernel; no configuration option disables or enables it)
Notes: The bug is not in the generic uaccess code. It is confined to the arch-specific access_ok() implementations of three architectures, which the fix commit names; other architectures already performed the range check in an overflow-safe way and are unaffected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An unprivileged local process on an affected architecture passes a wrapped pointer/length pair through access_ok() and reaches copy_to_user()/copy_from_user() with a range that lies outside user memory: kernel memory corruption (a possible stepping stone to root), disclosure of kernel memory contents, or a kernel crash.

🟠 Likely Case

A kernel oops or other denial of service, because the copy routines fault on the non-user range. The check bypass removes the barrier that normally confines uaccess copies to user memory, so escalation cannot be ruled out, but turning the bypass into a controlled read or write depends on the syscall chosen and on how the architecture's copy routines behave on such a range.

🟢 If Mitigated

A patched kernel removes the flaw entirely. Mandatory access control (SELinux, AppArmor) and seccomp do not prevent the bypass, but they limit which untrusted code can reach the relevant syscalls and what a compromised process can do afterwards.

🌐 Internet-Facing: LOW - The flaw is only reachable by code already executing locally and issuing syscalls; there is no remote trigger.
🏢 Internal Only: HIGH - On an affected architecture, any local user or compromised service able to issue syscalls with attacker-chosen pointers and lengths is a potential attacker.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local code execution on an affected architecture and a syscall that forwards an attacker-controlled pointer and length to access_ok(). The bug only defeats the range check; whether the subsequent copy yields a usable read or write rather than a fault depends on the syscall and the architecture, and nothing in the bug hands over code execution directly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Any kernel containing the fix for its series. The change is "uaccess: fix integer overflow on access_ok()", present as the mainline commit and its stable-tree backports:
  • 222ca305c9fd39e5ed8104da25c09b2b79a516a8
  • 99801e2f457824955da4aadaa035913a6dede03a
  • a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8
  • e65d28d4e9bf90a35ba79c06661a572a38391dec

Vendor Advisory: https://git.kernel.org/stable/c/222ca305c9fd39e5ed8104da25c09b2b79a516a8

Restart Required: Yes

Instructions:

1. Update to a kernel that contains the fix commit for your kernel series.
2. Check your distribution's security advisory for the exact patched package version; distribution kernel changelogs usually cite the CVE ID.
3. Reboot into the new kernel. The check is compiled into the kernel image, so the running system keeps the old code until it restarts.

🔧 Temporary Workarounds

None that remove the flaw. access_ok() is an inline check compiled into every syscall path that touches user memory, so there is no sysctl, boot parameter or module that turns it off; only a rebuilt or updated kernel fixes it. The setting below is generic hardening: it shrinks the attack surface of the running kernel but does not address this bug.

Kernel Module Restrictions (applies to: all)

Disable further module loading for the rest of the uptime. The setting cannot be reverted without a reboot, so make sure every module the system needs is already loaded before applying it:

echo 1 > /proc/sys/kernel/modules_disabled
sysctl -w kernel.modules_disabled=1

🧯 If You Can't Patch

  • Restrict who can run code locally on hosts built for an affected architecture: least-privilege accounts, no untrusted local users, and seccomp profiles on containers and services to narrow the set of syscalls an attacker can reach
  • Confine workloads with a mandatory access control policy (SELinux, AppArmor) or a hardened kernel such as grsecurity to limit what a process gains if the bypass is chained into something useful; this contains the impact but does not stop the range check from being bypassed

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel (below) with the patched version in your distribution's security advisory, or search the kernel package changelog for the CVE ID or the fix's subject line, "uaccess: fix integer overflow on access_ok()". If you build kernels yourself, check that the fix commit is in the history of your tree. Hosts on architectures other than the three named in the fix commit are not affected regardless of version.

Check Version:

uname -r

Verify Fix Applied:

After updating and rebooting, confirm that the running kernel version reported by uname -r matches the patched version in the vendor advisory (a pending update that has not been booted into leaves the old code running). For self-built kernels, confirm that the fix commit is an ancestor of the built tree.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops, "BUG:", "general protection fault" or "unable to handle kernel paging request" messages in dmesg or the journal, in particular ones whose backtrace runs through a copy_to_user()/copy_from_user() path of a syscall
  • Unexpected privilege escalation events in audit logs (uid changes that are not preceded by a legitimate setuid, sudo or login path)
  • Repeated kernel faults attributed to the same local process: probing this bug means passing absurd lengths and addresses, so one user repeatedly crashing the kernel is suspicious

Network Indicators:

  • Not applicable - this is a local vulnerability

SIEM Query:

source="kernel" AND ("Oops:" OR "BUG:" OR "general protection fault" OR "unable to handle")

access_ok() itself logs nothing; the indicators are the oops messages produced when a copy fails on a non-user range. A user-space "segmentation fault" is not a kernel event and only adds noise to this query.
