Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49122

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 1 product from linux organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2025, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2025-02-26T07:00:49.540

Last Modified

2025-10-14T19:56:27.750

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.9.311	Yes
Operating System	linux	linux_kernel	< 4.14.276	Yes
Operating System	linux	linux_kernel	< 4.19.238	Yes
Operating System	linux	linux_kernel	< 5.4.189	Yes
Operating System	linux	linux_kernel	< 5.10.111	Yes
Operating System	linux	linux_kernel	< 5.15.34	Yes
Operating System	linux	linux_kernel	< 5.16.20	Yes
Operating System	linux	linux_kernel	< 5.17.3	Yes

References

https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.