CVE-2022-49145

ACPI: CPPC: Avoid out of bounds access when parsing _CPC data

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do
not attempt to access the "Revision" element of that package, because
it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2026-05-04 EPSS Updated
2026-05-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/337aadff8e4567e39669e07d9a88b789d78458b5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5	2022-04-20
https://git.kernel.org/stable/c/d208ea44e25b31db5a4d5e8c31df51787a3e9303	2022-04-20
https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252	2022-04-15
https://git.kernel.org/stable/c/cb249f8c00f40dba83b7da8207ac14ca46e9ec9e	2022-04-15
https://git.kernel.org/stable/c/e5b681822cac1f8093759b02e16c06b2c64b6788	2022-04-08
https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b	2022-04-08
https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1	2022-04-08
https://git.kernel.org/stable/c/d7339f2a3938fb56b5f28d53f5345900b5fa0e74	2022-04-08
https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b	2022-03-25

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49145	2022-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=2348029	2022-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.9.311 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.9.311"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.14.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.14.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.19.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.19.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.4.189 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.4.189"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.10.110 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.10.110"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.15.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.15.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.16.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.16.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.17.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.17.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.18"		en		Affected