PT-2025-8189 · Linux+2 · Linux Kernel+2

Jackson Cody · Published 2022-03-14 · Updated 2025-04-15 · CVE-2022-49261

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.17.0-rc6-ci-drm-11296+ #1

Description

A missing bounds check in the vm_access() function can lead to an out-of-bounds read or write in the adjacent memory area. This issue is related to the len attribute not being validated before the memcpy later in the function. The problem can potentially cause a page fault, as indicated by the error message "BUG: unable to handle page fault for address". The vm_access() function is part of the drm/i915/gem module.

Recommendations

For Linux kernel version 5.17.0-rc6-ci-drm-11296+ #1, update to a version that includes the fix for the missing boundary check in vm_access(). As a temporary workaround, consider restricting access to the vm_access() function until a patch is available.

Exploit

Fix

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2026-03936
CVE-2022-49261
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
Linux Kernel
SUSE