CVE-2022-49044 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
dm integrity: fix memory corruption when tag_size is less than digest size
It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored.
In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_shash_final.
Fix this corruption by increasing the tags array so that it has enough padding at the end to accommodate the loop in integrity_recalc() being able to write a full digest size for the last member of the tags array.
Analysis
by VulDB Data Team • 09/24/2025
CVE-2022-49044 is a critical memory corruption issue in the Linux kernel's device mapper integrity subsystem. The affected module, dm-integrity, protects block devices by storing a cryptographic checksum (tag) for each sector. The flaw lies in how the tag_size parameter is handled when integrity protection is set up: a mismatch between that parameter and the digest size causes writes outside the intended memory region during checksum computation.
The flaw is triggered when an administrator configures dm-integrity with a tag_size smaller than the digest size of the chosen hash algorithm. Because the hash implementation emits a full digest for every tag slot while the slots are only tag_size bytes apart, the integrity subsystem writes past the end of the ic->recalc_tags array. The overrun happens in the finalization step of the integrity_recalc->integrity_sector_checksum->crypto_shash_final call chain.
For systems that rely on dm-integrity for data protection, attackers could potentially exploit this flaw to cause system instability or data corruption, or in the worst case to achieve privilege escalation or arbitrary code execution. Affected systems are those running kernels with this dm-integrity code and a configuration whose hash algorithm produces digests larger than the configured tag_size. The issue is most concerning in enterprise environments where data integrity is critical and where the underlying storage infrastructure could be compromised.
The fix enlarges the tags array allocation so that enough padding remains at the end for the final iteration of the integrity_recalc() loop to write a full digest. Even when tag_size is smaller than the digest size, the complete digest then lands inside the allocation. This follows standard buffer-management practice: the allocation is sized for what the writer actually emits, not only for the bytes the caller intends to keep. Organizations should apply the kernel patches promptly, since the corruption could be used to undermine the very integrity protection dm-integrity is meant to provide. The case illustrates why parameter validation and bounds checking matter in cryptographic subsystems whose variable-length outputs must fit the buffers allocated for them.
The vulnerability maps to CWE-121 and CWE-787 in the Common Weakness Enumeration, covering buffer overflow and out-of-bounds write conditions. From an ATT&CK perspective it is a potential privilege escalation vector through kernel memory corruption, falling under techniques related to kernel exploits and system-level compromise. The remediation relies on correct allocation sizing and boundary checking, fundamental controls in defensive coding and secure development lifecycle practice.
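As an added illustration (not code from this page, from VulDB, or from the kernel), the following userspace C model reproduces the sizing arithmetic the advisory describes: a tags array of n_tags slots spaced tag_size bytes apart, filled by a writer that always emits digest_size bytes, with and without end padding. The toy_digest stand-in for crypto_shash_final, the recalc_tags_bytes helper and the canary check are the model's own constructions, and the padding of digest_size - tag_size bytes is an assumption about the fix's shape drawn from the advisory text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CANARY_BYTES 128 /* slack after the array: an overrun is observed, not UB */

/* Stand-in for crypto_shash_final(): always emits digest_size bytes, however
 * many of them the caller intends to keep (toy mixing, not a real hash). */
static void toy_digest(const uint8_t *sector, size_t len, uint8_t *out, size_t digest_size)
{
    uint8_t h = 0x5a;
    for (size_t i = 0; i < digest_size; i++) {
        h = (uint8_t)(h * 31u + sector[i % len] + (uint8_t)i);
        out[i] = h;
    }
}

/* Size of the recalc tags buffer. padded == 0 is the pre-fix layout of exactly
 * n_tags * tag_size bytes; padded != 0 adds digest_size - tag_size bytes so the
 * last full-digest write lands inside the allocation (assumed shape of the fix). */
size_t recalc_tags_bytes(size_t n_tags, size_t tag_size, size_t digest_size, int padded)
{
    size_t bytes = n_tags * tag_size;
    if (padded && digest_size > tag_size)
        bytes += digest_size - tag_size;
    return bytes;
}

/* Model of the integrity_recalc() loop: one full digest per slot, slots tag_size apart.
 * Returns 1 if any byte past the array was written, 0 if not, -1 on unusable arguments. */
int recalc_corrupts(size_t n_tags, size_t tag_size, size_t digest_size, int padded)
{
    size_t bytes = recalc_tags_bytes(n_tags, tag_size, digest_size, padded);
    uint8_t sector[512], *tags;
    int corrupted = 0;
    if (n_tags == 0 || tag_size == 0 || digest_size > tag_size + CANARY_BYTES)
        return -1;
    if (!(tags = malloc(bytes + CANARY_BYTES)))
        return -1;
    memset(tags, 0, bytes);
    memset(tags + bytes, 0xCC, CANARY_BYTES); /* canary marks the array's end */
    memset(sector, 0x41, sizeof sector);      /* constructed sector payload */
    for (size_t i = 0; i < n_tags; i++)
        toy_digest(sector, sizeof sector, tags + i * tag_size, digest_size);
    for (size_t i = 0; i < CANARY_BYTES; i++)
        if (tags[bytes + i] != 0xCC)
            corrupted = 1;
    free(tags);
    return corrupted;
}
```

With eight 4-byte tags and a 32-byte digest, the unpadded layout lets the last slot's write run 28 bytes past the array, while the padded layout absorbs it.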