CVE-2022-49852

riscv: process: fix kernel info leakage

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which
may be finally leaked to userspace. This is a security hole. Fix it
by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well.

In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-05-01 CVE Reserved
2025-05-01 CVE Published
2025-05-04 CVE Updated
2025-06-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/7db91e57a0acde126a162ababfb1e0ab190130cb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30	2022-11-25
https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb	2022-11-25
https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712	2022-11-16
https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc	2022-11-16
https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68	2022-11-16
https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b	2022-11-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.267 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.267"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.4.225 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.4.225"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.10.155 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.10.155"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 5.15.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.15.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.0.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.0.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 6.1"		en		Affected