CVE-2022-49122

Advisory lineage Upstream: 0 Downstream: 16
Analyzed
Published: 26 Feb 2025, 01:55
Last modified: 11 May 2026, 18:53

Vulnerability Summary

  • Overall Risk (default): low, 22/100
  • CVSS Score: 5.5 MEDIUM, v3.1 (nvd)
  • EPSS Score: 0.01% LOW, 0% probability -0.04%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 26 Feb 2025, 01:55: Published. Vulnerability first disclosed.
  • 11 May 2026, 18:53: Last Modified. Vulnerability information updated.

Description

In the Linux kernel, the following vulnerability has been resolved:

dm ioctl: prevent potential spectre v1 gadget

It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

CVSS Metrics

  • v3.1, MEDIUM, Score: 5.5, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Affected Systems

  • linux / linux

    ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 76c94651005f58885facf9c973007f5ea01ab01f | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 58880025e3362024f6d8ea01cb0c7a5df6c84ba6 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 7ae2c5b89da3cfaf856df880af27d3bb32a74b3d | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 0320bac5801b31407200227173205d017488f140 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 71c8df33fd777c7628f6fbc09b14e84806c55914 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 02cc46f397eb3691c56affbd5073e54f7a82ac32 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 44e6cb3ab177faae840bb2c1ebda9a2539876184 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < dd86064417de828ff2102ddc6049c829bf7585b4 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < cd9c88da171a62c4b0f1c70e50c75845969fbc18 | 2.6.12

  • linux / linux_kernel

    < 4.9.311 | ≥ 4.10, < 4.14.276 | ≥ 4.15, < 4.19.238 | ≥ 4.20, < 5.4.189 | ≥ 5.5, < 5.10.111 | ≥ 5.11, < 5.15.34 | ≥ 5.16, < 5.16.20 | ≥ 5.17, < 5.17.3
