CVE-2022-49852

May 1, 2025, 3:16 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well.

Product(s) Impacted

Vendor Product Versions
Linux
  • Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux kernel / / / / / / / /

References

https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b
https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-05-01
CVE-2022-49852

Timeline

Published: May 1, 2025, 3:16 p.m.
Last Modified: May 1, 2025, 3:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.