CVE-2022-49122

It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using arrayindexnospec.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49122.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed

76c94651005f58885facf9c973007f5ea01ab01f

Fixed

58880025e3362024f6d8ea01cb0c7a5df6c84ba6

Fixed

7ae2c5b89da3cfaf856df880af27d3bb32a74b3d

Fixed

0320bac5801b31407200227173205d017488f140

Fixed

71c8df33fd777c7628f6fbc09b14e84806c55914

Fixed

02cc46f397eb3691c56affbd5073e54f7a82ac32

Fixed

44e6cb3ab177faae840bb2c1ebda9a2539876184

Fixed

dd86064417de828ff2102ddc6049c829bf7585b4

Fixed

cd9c88da171a62c4b0f1c70e50c75845969fbc18

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49122.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.12

Fixed

4.9.311

Type: ECOSYSTEM
Events: Introduced

4.10.0

Fixed

4.14.276

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.238

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.189

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.111

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.34

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.16.20

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

5.17.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49122.json"