CVE-2022-49643

Summary

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix a potential integer overflow in ima_appraise_measurement

When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux39b07096364a42c516415d5f841069e885234e61 < 388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77affected
LinuxLinux39b07096364a42c516415d5f841069e885234e61 < 831e190175f10652be93b08436cc7bf2e62e4bb6affected
LinuxLinux39b07096364a42c516415d5f841069e885234e61 < c8d5d81940938b5f6c0f495ca9538e7740416f30affected
LinuxLinux39b07096364a42c516415d5f841069e885234e61 < 640cea4c2839a821adfbb703b590a5928abe9286affected
LinuxLinux39b07096364a42c516415d5f841069e885234e61 < d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.207 <= 5.4.*unaffected
LinuxLinux5.10.132 <= 5.10.*unaffected
LinuxLinux5.15.56 <= 5.15.*unaffected
LinuxLinux5.18.13 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References