CVE-2022-49870

capabilities: fix undefined behavior in bit shift for CAP_TO_MASK

Description

In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in security/commoncap.c:1252:2 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: <TASK> dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c cap_task_prctl+0x561/0x6f0 security_task_prctl+0x5a/0xb0 __x64_sys_prctl+0x61/0x8f0 do_syscall_64+0x58/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK>

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5b79fa628e2ab789e629a83cd211ef9b4c1a593e
https://git.kernel.org/stable/c/65b0bc7a0690861812ade523d19f82688ab819dc
https://git.kernel.org/stable/c/dbaab08c8677d598244d21afb7818e44e1c5d826
https://git.kernel.org/stable/c/5661f111a1616ac105ec8cec81bff99b60f847ac
https://git.kernel.org/stable/c/fcbd2b336834bd24e1d9454ad5737856470c10d7
https://git.kernel.org/stable/c/151dc8087b5609e53b069c068e3f3ee100efa586
https://git.kernel.org/stable/c/27bdb134c043ff32c459d98f16550d0ffa0b3c34
https://git.kernel.org/stable/c/46653972e3ea64f79e7f8ae3aa41a4d3fdb70a13

Frequently Asked Questions

What is the severity of CVE-2022-49870?
CVE-2022-49870 has not yet been assigned a CVSS score.
How to fix CVE-2022-49870?
To fix CVE-2022-49870, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49870 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49870 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49870?
CVE-2022-49870 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.