{"id":"CVE-2022-49289","summary":"uaccess: fix integer overflow on access_ok()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nuaccess: fix integer overflow on access_ok()\n\nThree architectures check the end of a user access against the\naddress limit without taking a possible overflow into account.\nPassing a negative length or another overflow in here returns\nsuccess when it should not.\n\nUse the most common correct implementation here, which optimizes\nfor a constant 'size' argument, and turns the common case into a\nsingle comparison.","modified":"2026-03-20T12:22:19.631258Z","published":"2025-02-26T01:56:27.026Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49289.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/222ca305c9fd39e5ed8104da25c09b2b79a516a8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/99801e2f457824955da4aadaa035913a6dede03a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e65d28d4e9bf90a35ba79c06661a572a38391dec"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49289.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49289"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7567746e1c0d66ac0ef8a9d8816ca694462c7370"},{"fixed":"e65d28d4e9bf90a35ba79c06661a572a38391dec"},{"fixed":"99801e2f457824955da4aadaa035913a6dede03a"},{"fixed":"a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8"},{"fixed":"222ca305c9fd39e5ed8104da25c09b2b79a516a8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49289.json"}}],"schema_version":"1.7.5"}