7.8

CVE-2022-50030

EPSS 0.07%
Veröffentlicht 18.06.2025 11:01:33
Zuletzt bearbeitet 13.11.2025 19:31:31
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input

Malformed user input to debugfs results in buffer overflow crashes.  Adapt
input string lengths to fit within internal buffers, leaving space for NULL
terminators.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 4 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.211

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.138

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.63

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.211

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/927907f1cbb3408cadde637fccfc17bb6b10a87d

Patch

https://git.kernel.org/stable/c/c29a4baaad38a332c0ae480cf6d6c5bf75ac1828

Patch

https://git.kernel.org/stable/c/b92506dc51f81741eb26609175ac206c20f06e0a

Patch

https://git.kernel.org/stable/c/2d544e9d19c109dfe34b3dc1253a8b2971abe060

Patch

https://git.kernel.org/stable/c/f8191d40aa612981ce897e66cda6a88db8df17bb

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50030

EUVD