PT-2025-8378 · Linux+3 · Linux Kernel+3

Alexey Dobriyan · Published 2022-01-01 · Updated 2026-03-14 · CVE-2022-49444

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the version containing the fix for the module e_shstrndx.sh_size=0 OOB access issue

Description

A vulnerability in the Linux kernel allows out-of-bounds (OOB) access. It can be triggered by crafting a module that exploits the line if (info->secstrings[strhdr->sh_size - 1] != '\0'). The out-of-bounds access can cause a page fault, leading to a system crash. The affected code is in the load_module function and concerns the module's e_shstrndx section.

Recommendations

For Linux kernel versions prior to the fixed version, consider applying the patch, rebased onto modules-next, that resolves the issue. As a temporary workaround, restrict the loading of custom modules to minimize the risk of exploitation.
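
The check quoted in the description, reproduced in userspace with the empty-table case rejected before the table is indexed. This is an added example, not the kernel's code or its patch; struct shdr_view, check_secstrings, check_sample and the 16-byte image are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two Elf_Shdr fields the check uses. */
struct shdr_view {
    uint64_t sh_offset; /* offset of the section inside the module image */
    uint64_t sh_size;   /* size of the section in bytes */
};

enum strtab_status { STRTAB_OK, STRTAB_EMPTY, STRTAB_OOB, STRTAB_UNTERMINATED };
/* Validate the section-name string table before anything indexes it. */
enum strtab_status check_secstrings(const unsigned char *image, size_t image_len,
                                    const struct shdr_view *strhdr)
{
    /* With sh_size == 0, sh_size - 1 wraps around, so the read in
     * secstrings[sh_size - 1] lands outside the table. Reject it first. */
    if (strhdr->sh_size == 0)
        return STRTAB_EMPTY;
    /* The table must lie entirely inside the image (overflow-safe form). */
    if (strhdr->sh_offset > image_len ||
        strhdr->sh_size > image_len - strhdr->sh_offset)
        return STRTAB_OOB;
    const unsigned char *secstrings = image + strhdr->sh_offset;
    /* Now 0 <= sh_size - 1 < sh_size, so this read is in bounds. */
    if (secstrings[strhdr->sh_size - 1] != '\0')
        return STRTAB_UNTERMINATED;
    return STRTAB_OK;
}

/* Constructed 16-byte image: name table "\0.text\0" at offset 8, then 'X'. */
static const unsigned char sample_image[16] = {
    0x7f, 'E', 'L', 'F', 0, 0, 0, 0, 0, '.', 't', 'e', 'x', 't', 0, 'X'
};

enum strtab_status check_sample(uint64_t sh_offset, uint64_t sh_size)
{
    struct shdr_view strhdr = { sh_offset, sh_size };
    return check_secstrings(sample_image, sizeof sample_image, &strhdr);
}

int main(void)
{
    printf("size=7 -> %d\n", check_sample(8, 7)); /* well-formed table */
    printf("size=0 -> %d\n", check_sample(8, 0)); /* the case from this entry */
    printf("size=8 -> %d\n", check_sample(8, 8)); /* last byte is not NUL */
    printf("off=12 size=8 -> %d\n", check_sample(12, 8)); /* runs past image */
    return 0;
}
```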

Exploit

Fix

Out of bounds Read

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2026-04045
CVE-2022-49444
OESA-2025-1337
OESA-2025-1338
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1293-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Debian
Linux Kernel
Suse