Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49145

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.1, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), and availability (service disruption) for affected systems. Impacting 1 product from linux organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2025, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2025-02-26T07:00:51.693

Last Modified

2025-09-23T13:53:26.707

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.9.311	Yes
Operating System	linux	linux_kernel	< 4.14.276	Yes
Operating System	linux	linux_kernel	< 4.19.238	Yes
Operating System	linux	linux_kernel	< 5.4.189	Yes
Operating System	linux	linux_kernel	< 5.10.110	Yes
Operating System	linux	linux_kernel	< 5.15.33	Yes
Operating System	linux	linux_kernel	< 5.16.19	Yes
Operating System	linux	linux_kernel	< 5.17.2	Yes

References

https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/cb249f8c00f40dba83b7da8207ac14ca46e9ec9e Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/d208ea44e25b31db5a4d5e8c31df51787a3e9303 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/d7339f2a3938fb56b5f28d53f5345900b5fa0e74 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/e5b681822cac1f8093759b02e16c06b2c64b6788 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.