CVE-2022-49180

LSM: general protection fault in legacy_parse_param

Description

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectly returns 1 on success. There was a time when this was correct, however the current expectation is that it return 0 on success. This is repaired.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ddcdda888e14ca451b3ee83d11b65b2a9c8e783b
https://git.kernel.org/stable/c/2784604c8c6fc523248f8f80a421c313a9d790b7
https://git.kernel.org/stable/c/f3f93a1aaafc3032e0a9655fb43deccfb3e953a3
https://git.kernel.org/stable/c/00fc07fa0b4a004711b6e1a944f0d2e46f7093b7
https://git.kernel.org/stable/c/cadae7c5e477aaafcba819b8e4a3d1c1a1503b62
https://git.kernel.org/stable/c/ecff30575b5ad0eda149aadad247b7f75411fd47

Frequently Asked Questions

What is the severity of CVE-2022-49180?
CVE-2022-49180 has not yet been assigned a CVSS score.
How to fix CVE-2022-49180?
To fix CVE-2022-49180, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49180 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49180 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49180?
CVE-2022-49180 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.