{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49785", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-01T14:05:17.223Z", "datePublished": "2025-05-01T14:09:18.311Z", "dateUpdated": "2025-05-04T08:45:19.440Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:45:19.440Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Add overflow check in sgx_validate_offset_length()\n\nsgx_validate_offset_length() function verifies \"offset\" and \"length\"\narguments provided by userspace, but was missing an overflow check on\ntheir addition. Add it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kernel/cpu/sgx/ioctl.c"], "versions": [{"version": "c6d26d370767fa227fc44b98a8bdad112efdf563", "lessThan": "5277e3d633a5d4157987f4aff068caa55e36db19", "status": "affected", "versionType": "git"}, {"version": "c6d26d370767fa227fc44b98a8bdad112efdf563", "lessThan": "3b1c10fb754b0b67165e3f055a4208e5ba26dc89", "status": "affected", "versionType": "git"}, {"version": "c6d26d370767fa227fc44b98a8bdad112efdf563", "lessThan": "f0861f49bd946ff94fce4f82509c45e167f63690", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kernel/cpu/sgx/ioctl.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.81", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.10", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5277e3d633a5d4157987f4aff068caa55e36db19"}, {"url": "https://git.kernel.org/stable/c/3b1c10fb754b0b67165e3f055a4208e5ba26dc89"}, {"url": "https://git.kernel.org/stable/c/f0861f49bd946ff94fce4f82509c45e167f63690"}], "title": "x86/sgx: Add overflow check in sgx_validate_offset_length()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Add overflow check in sgx_validate_offset_length()\n\nsgx_validate_offset_length() function verifies \"offset\" and \"length\"\narguments provided by userspace, but was missing an overflow check on\ntheir addition. Add it."}], "id": "CVE-2022-49785", "lastModified": "2025-05-02T13:53:20.943", "metrics": {}, "published": "2025-05-01T15:16:01.713", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3b1c10fb754b0b67165e3f055a4208e5ba26dc89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5277e3d633a5d4157987f4aff068caa55e36db19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0861f49bd946ff94fce4f82509c45e167f63690"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: x86/sgx: Add overflow check in sgx_validate_offset_length()", "id": "2363379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363379"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nx86/sgx: Add overflow check in sgx_validate_offset_length()\nsgx_validate_offset_length() function verifies \"offset\" and \"length\"\narguments provided by userspace, but was missing an overflow check on\ntheir addition. Add it."], "name": "CVE-2022-49785", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49785\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49785\nhttps://lore.kernel.org/linux-cve-announce/2025050120-CVE-2022-49785-64a3@gregkh/T"], "statement": "The vulnerability in sgx_validate_offset_length() allows a local attacker to bypass bounds checks via integer overflow when providing crafted offset and length values to the SGX_IOC_ENCLAVE_ADD_PAGES ioctl.\nThe issue requires local access and low privileges, as the SGX device is typically accessible to unprivileged users.\nHowever, it only affects systems with Intel SGX support enabled in the kernel, and exploitation can lead to confidentiality, integrity, and availability impacts within SGX enclaves.", "threat_severity": "Moderate"}