{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49122", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.264Z", "datePublished": "2025-02-26T01:55:02.161Z", "dateUpdated": "2025-05-04T08:30:21.824Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:30:21.824Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm ioctl: prevent potential spectre v1 gadget\n\nIt appears like cmd could be a Spectre v1 gadget as it's supplied by a\nuser and used as an array index. Prevent the contents of kernel memory\nfrom being leaked to userspace via speculative execution by using\narray_index_nospec."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-ioctl.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "76c94651005f58885facf9c973007f5ea01ab01f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "58880025e3362024f6d8ea01cb0c7a5df6c84ba6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7ae2c5b89da3cfaf856df880af27d3bb32a74b3d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0320bac5801b31407200227173205d017488f140", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "71c8df33fd777c7628f6fbc09b14e84806c55914", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "02cc46f397eb3691c56affbd5073e54f7a82ac32", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "44e6cb3ab177faae840bb2c1ebda9a2539876184", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "dd86064417de828ff2102ddc6049c829bf7585b4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "cd9c88da171a62c4b0f1c70e50c75845969fbc18", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-ioctl.c"], "versions": [{"version": "4.9.311", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.276", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.238", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.189", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.111", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.34", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.20", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.3", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.311"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.14.276"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.238"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.189"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.111"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.16.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.17.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f"}, {"url": "https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6"}, {"url": "https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d"}, {"url": "https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140"}, {"url": "https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914"}, {"url": "https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32"}, {"url": "https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184"}, {"url": "https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4"}, {"url": "https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18"}], "title": "dm ioctl: prevent potential spectre v1 gadget", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm ioctl: prevent potential spectre v1 gadget\n\nIt appears like cmd could be a Spectre v1 gadget as it's supplied by a\nuser and used as an array index. Prevent the contents of kernel memory\nfrom being leaked to userspace via speculative execution by using\narray_index_nospec."}], "id": "CVE-2022-49122", "lastModified": "2025-02-26T07:00:49.540", "metrics": {}, "published": "2025-02-26T07:00:49.540", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"affected_release": [{"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: dm ioctl: prevent potential spectre v1 gadget", "id": "2348154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348154"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndm ioctl: prevent potential spectre v1 gadget\nIt appears like cmd could be a Spectre v1 gadget as it's supplied by a\nuser and used as an array index. Prevent the contents of kernel memory\nfrom being leaked to userspace via speculative execution by using\narray_index_nospec.", "A vulnerability was found in the Linux kernel's `dm-ioctl` interface in the `lookup_ioctl()` function, which accepts a user-provided `cmd` value that is used to index the `_ioctls` array directly. This issue could lead to an out-of-bounds access if the CPU speculatively executes the array access before `cmd` is confirmed as valid, allowing an attacker to exploit a Spectre v1 gadget attack."], "name": "CVE-2022-49122", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49122\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49122\nhttps://lore.kernel.org/linux-cve-announce/2025022604-CVE-2022-49122-b139@gregkh/T"], "statement": "Red Hat has rated this vulnerability with a security impact of Moderate. All Red Hat products are being evaluated for impact and Red Hat will work with the Linux community to analyze and correct any issues found. \nSuccessful exploitation of this flaw requires the attacker to have advanced knowledge of the software versions used on the system. \nFor additional information about this flaw, including possible mitigations, please refer to: https://access.redhat.com/solutions/3545361", "threat_severity": "Moderate"}