
THREATINT
PUBLISHED

CVE-2022-49852

riscv: process: fix kernel info leakage



Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: process: fix kernel info leakage

thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork.

As for kthread case, it's better to clear the s[12] array as well.

Reserved 2025-05-01 | Published 2025-05-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status: unaffected

7db91e57a0acde126a162ababfb1e0ab190130cb before c4601d30f7d989b4f354df899ab85b5f7a750d30: affected
7db91e57a0acde126a162ababfb1e0ab190130cb before c5c0b3167537793a7cf936fb240366eefd2fc7fb: affected
7db91e57a0acde126a162ababfb1e0ab190130cb before e56d18a976dda653194218df6d40d8122c775712: affected
7db91e57a0acde126a162ababfb1e0ab190130cb before cc36c7fa5d9384602529ba3eea8c5daee7be4dbc: affected
7db91e57a0acde126a162ababfb1e0ab190130cb before 358a68f98304b40b201ba5afe94c20355aa3dc68: affected
7db91e57a0acde126a162ababfb1e0ab190130cb before 6510c78490c490a6636e48b61eeaa6fb65981f4b: affected

Default status: affected

4.15: affected
Any version before 4.15: unaffected
4.19.267: unaffected
5.4.225: unaffected
5.10.155: unaffected
5.15.79: unaffected
6.0.9: unaffected
6.1: unaffected

References

git.kernel.org/...c/c4601d30f7d989b4f354df899ab85b5f7a750d30

git.kernel.org/...c/c5c0b3167537793a7cf936fb240366eefd2fc7fb

git.kernel.org/...c/e56d18a976dda653194218df6d40d8122c775712

git.kernel.org/...c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc

git.kernel.org/...c/358a68f98304b40b201ba5afe94c20355aa3dc68

git.kernel.org/...c/6510c78490c490a6636e48b61eeaa6fb65981f4b

cve.org (CVE-2022-49852)

nvd.nist.gov (CVE-2022-49852)
