PT-2025-25871 · Linux+2 · Linux Kernel+2

Published 2022-08-29 · Updated 2025-07-28 · CVE-2022-49945

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability has been identified in the Linux kernel's gpio-fan driver. The driver does not check whether the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state stored in fan_data->num_speeds. This can lead to an out-of-bounds array access, potentially causing a kernel oops when unavailable memory is accessed. The vulnerability can be exploited by setting the state of the thermal cooling device to arbitrary values.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
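
The missing check from the description, shown as an added example (a simplified user-space model, not the kernel driver's source or the upstream patch). The struct layout, the sample speed table and the function names set_cur_state_unchecked/set_cur_state_checked are assumptions; the model assumes the speed table holds num_speeds entries, so the highest valid state is num_speeds - 1.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model; field names follow the advisory text, layout is assumed. */
struct fan_speed { int rpm; int ctrl_val; };

struct gpio_fan_data {
    const struct fan_speed *speed;   /* assumed: table of num_speeds entries */
    unsigned long num_speeds;
    unsigned long speed_index;
    int ctrl_val;                    /* stands in for the GPIO write */
};

/* Constructed sample table: valid cooling states are 0..3. */
const struct fan_speed sample_speeds[] = {
    { 0, 0 }, { 3000, 1 }, { 6000, 2 }, { 9000, 3 },
};

/* Before: the caller-supplied state indexes the table unchecked. */
int set_cur_state_unchecked(struct gpio_fan_data *fan, unsigned long state)
{
    fan->ctrl_val = fan->speed[state].ctrl_val;  /* out of bounds if state >= num_speeds */
    fan->speed_index = state;
    return 0;
}

/* After: reject the state before it is ever used as an index. */
int set_cur_state_checked(struct gpio_fan_data *fan, unsigned long state)
{
    if (state >= fan->num_speeds)
        return -EINVAL;
    fan->ctrl_val = fan->speed[state].ctrl_val;
    fan->speed_index = state;
    return 0;
}

int main(void)
{
    struct gpio_fan_data fan = { sample_speeds, 4, 0, 0 };
    unsigned long tries[] = { 0, 3, 4, 1000000UL };

    for (int i = 0; i < 4; i++) {
        int rc = set_cur_state_checked(&fan, tries[i]);
        printf("state %lu -> %d (index now %lu)\n", tries[i], rc, fan.speed_index);
    }
    return 0;
}
```

In the checked form a rejected request leaves speed_index and ctrl_val untouched, so the device stays at its last valid cooling state.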

Exploit

Weakness Enumeration

Out of bounds Read
Improper Validation of Array Index

Related Identifiers

BDU:2026-02652
CVE-2022-49945
SUSE-SU-2025:02264-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02537-1

Affected Products

Astra Linux
Linux Kernel
SUSE