Linux Kernel: visconti_clk Array Overflow CVE-2022-49186
CVE-2022-49186 Published on February 26, 2025
clk: visconti: prevent array overflow in visconti_clk_register_gates()
In the Linux kernel, the following vulnerability has been resolved:
clk: visconti: prevent array overflow in visconti_clk_register_gates()
This code was using -1 to represent that there was no reset function.
Unfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0)
condition was always true. This lead to an out of bounds access in
visconti_clk_register_gates().
Vulnerability Analysis
CVE-2022-49186 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an out-of-bounds array index Vulnerability?
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CVE-2022-49186 has been classified to as an out-of-bounds array index vulnerability or weakness.
Products Associated with CVE-2022-49186
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version b4cbe606dc3674b25cb661e7cd1a1c6ddaaafaaa and below 2723543c1d60278d5aef1c4ad732dbad24b84a81 is affected.
- Version b4cbe606dc3674b25cb661e7cd1a1c6ddaaafaaa and below c5601e0720ce1a3ad895f94a5838530edde01ed3 is affected.
- Version 5.17 is affected.
- Before 5.17 is unaffected.
- Version 5.17.2, <= 5.17.* is unaffected.
- Version 5.18, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.