CVE-2022-49264

UNKNOWN 0.0

exec: Force single empty string when argv is empty

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario where argc < 1. POSIX 2017 also recommends this behaviour, but it is not an explicit requirement[2]: The argument arg0 should point to a filename string that is associated with the process being started by one of the exec functions. ... Interestingly, Michael Kerrisk opened an issue about this in 2008[3], but there was no consensus to support fixing this issue then. Hopefully now that CVE-2021-4034 shows practical exploitative use[4] of this bug in a shellcode, we can reconsider. This issue is being tracked in the KSPP issue tracker[5]." While the initial code searches[6][7] turned up what appeared to be mostly corner case tests, trying to that just reject argv == NULL (or an immediately terminated pointer list) quickly started tripping[8] existing userspace programs. The next best approach is forcing a single empty string into argv and adjusting argc to match. The number of programs depending on argc == 0 seems a smaller set than those calling execve with a NULL argv. Account for the additional stack space in bprm_stack_limits(). Inject an empty string when argc == 0 (and set argc = 1). Warn about the case so userspace has some notice about the change: process './argc0' launched './argc0' with NULL argv: empty string added Additionally WARN() and reject NULL argv usage for kernel threads. [1] https://lore.kernel.org/lkml/[email protected]/ [2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html [3] https://bugzilla.kernel.org/show_bug.cgi?id=8408 [4] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt [5] https://github.com/KSPP/linux/issues/176 [6] https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+*NULL&literal=0 [7] https://codesearch.debian.net/search?q=execlp%3F%5Cs*%5C%28%5B%5E%2C%5D%2B%2C%5Cs*NULL&literal=0 [8] https://lore.kernel.org/lkml/20220131144352.GE16385@xsang-OptiPlex-9020/

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Feb 26, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 41f6ea5b9aaa28b740d47ffe995a5013211fdbb0 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 98e0c7c702894987732776736c99b85ade6fba45 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b50fb8dbc8b81aaa126387de428f4c42a7c72a73 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1fe82bfd9e4ce93399d815ca458b58505191c3e8 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 27a6f495b63a1804cc71be45911065db7757a98c 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1290eb4412aa0f0e9f3434b406dc8e255da85f9e 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a8054d3fa5deb84b215d6be1b910a978f3cb840d 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cfbfff8ce5e3d674947581f1eb9af0a1b1807950 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < dcd46d897adb70d63e025f175a00a89797d31a43

Linux / Linux

2.6.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗