CVE-2022-49267 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2025-02-26

Score: 6.7 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-54959	In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Ubuntu USN	USN-8060-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8060-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8060-3	Linux kernel (GCP FIPS) vulnerabilities
Ubuntu USN	USN-8060-4	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8060-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8060-6	Linux kernel (AWS FIPS) vulnerabilities
Ubuntu USN	USN-8070-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8070-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8070-3	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8060-7	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8098-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8098-2	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8098-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8107-1	Linux kernel (AWS FIPS) vulnerabilities
Ubuntu USN	USN-8112-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8112-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8098-4	Linux kernel vulnerabilities
Ubuntu USN	USN-8112-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8112-4	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8112-5	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8098-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8098-6	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8098-7	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8098-8	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8098-9	Linux kernel (IBM) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025022629-CVE-2022-49267-b3ac@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49267
https://www.cve.org/CVERecord?id=CVE-2022-49267

History

Tue, 24 Mar 2026 09:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-120
CPEs	cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/0f55ac683b2722714016f16daae9cab3f7f7b9f9 https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef https://git.kernel.org/stable/c/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11
Metrics	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 24 Mar 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	mmc: core: use sysfs_emit() instead of sprintf()	kernel: mmc: core: use sysfs_emit() instead of sprintf()

Mon, 19 Jan 2026 12:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/0f55ac683b2722714016f16daae9cab3f7f7b9f9

Tue, 21 Oct 2025 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-120
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 25 Apr 2025 03:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 23 Apr 2025 15:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 27 Feb 2025 01:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022629-CVE-2022-49267-b3ac@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49267 https://www.cve.org/CVERecord?id=CVE-2022-49267
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 26 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
Title		mmc: core: use sysfs_emit() instead of sprintf()
References		https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef https://git.kernel.org/stable/c/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11

Subscriptions

Redhat Enterprise Linux

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-02-26T01:56:16.211Z

Updated: 2026-03-24T08:34:49.555Z

Reserved: 2025-02-26T01:49:39.297Z

Link: CVE-2022-49267

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-02-26T07:01:03.620

Modified: 2026-03-24T09:16:18.790

Link: CVE-2022-49267

Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49267 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object