CVE-2022-49852

riscv: process: fix kernel info leakage

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c4601d30f7d989b4f354df899ab85b5f7a750d30
https://git.kernel.org/stable/c/c5c0b3167537793a7cf936fb240366eefd2fc7fb
https://git.kernel.org/stable/c/e56d18a976dda653194218df6d40d8122c775712
https://git.kernel.org/stable/c/cc36c7fa5d9384602529ba3eea8c5daee7be4dbc
https://git.kernel.org/stable/c/358a68f98304b40b201ba5afe94c20355aa3dc68
https://git.kernel.org/stable/c/6510c78490c490a6636e48b61eeaa6fb65981f4b

Frequently Asked Questions

What is the severity of CVE-2022-49852?
CVE-2022-49852 has not yet been assigned a CVSS score.
How to fix CVE-2022-49852?
To fix CVE-2022-49852, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49852 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49852 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49852?
CVE-2022-49852 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.