CVE-2022-50066

EPSS 0.03%
Veröffentlicht 18.06.2025 11:02:12
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net: atlantic: fix aq_vec index out of range error

The final update statement of the for loop exceeds the array range, the
dereference of self->aq_vec[i] is not checked and then leads to the
index out of range error.
Also fixed this kind of coding style in other for loop.

[   97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48
[   97.937607] index 8 is out of range for type 'aq_vec_s *[8]'
[   97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2
[   97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022
[   97.937611] Workqueue: events_unbound async_run_entry_fn
[   97.937616] Call Trace:
[   97.937617]  <TASK>
[   97.937619]  dump_stack_lvl+0x49/0x63
[   97.937624]  dump_stack+0x10/0x16
[   97.937626]  ubsan_epilogue+0x9/0x3f
[   97.937627]  __ubsan_handle_out_of_bounds.cold+0x44/0x49
[   97.937629]  ? __scm_send+0x348/0x440
[   97.937632]  ? aq_vec_stop+0x72/0x80 [atlantic]
[   97.937639]  aq_nic_stop+0x1b6/0x1c0 [atlantic]
[   97.937644]  aq_suspend_common+0x88/0x90 [atlantic]
[   97.937648]  aq_pm_suspend_poweroff+0xe/0x20 [atlantic]
[   97.937653]  pci_pm_suspend+0x7e/0x1a0
[   97.937655]  ? pci_pm_suspend_noirq+0x2b0/0x2b0
[   97.937657]  dpm_run_callback+0x54/0x190
[   97.937660]  __device_suspend+0x14c/0x4d0
[   97.937661]  async_suspend+0x23/0x70
[   97.937663]  async_run_entry_fn+0x33/0x120
[   97.937664]  process_one_work+0x21f/0x3f0
[   97.937666]  worker_thread+0x4a/0x3c0
[   97.937668]  ? process_one_work+0x3f0/0x3f0
[   97.937669]  kthread+0xf0/0x120
[   97.937671]  ? kthread_complete_and_exit+0x20/0x20
[   97.937672]  ret_from_fork+0x22/0x30
[   97.937676]  </TASK>

v2. fixed "warning: variable 'aq_vec' set but not used"

v3. simplified a for loop

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < df60c534d4c5a681172952dd4b475a5d818b3a86

Version 97bde5c4f909a55ab4c36cf0ac9094f6c9e4cdf6

Status affected

Version < 422a02a771599cac96f2b2900d993e0bb7ba5b88

Version 97bde5c4f909a55ab4c36cf0ac9094f6c9e4cdf6

Status affected

Version < 23bf155476539354ab5c8cc9bb460fd1209b39b5

Version 97bde5c4f909a55ab4c36cf0ac9094f6c9e4cdf6

Status affected

Version < 2ba5e47fb75fbb8fab45f5c1bc8d5c33d8834bd3

Version 97bde5c4f909a55ab4c36cf0ac9094f6c9e4cdf6

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.11

Status affected

Version < 4.11

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.138

Status unaffected

Version <= 5.15.*

Version 5.15.63

Status unaffected

Version <= 5.19.*

Version 5.19.4

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/df60c534d4c5a681172952dd4b475a5d818b3a86

https://git.kernel.org/stable/c/422a02a771599cac96f2b2900d993e0bb7ba5b88

https://git.kernel.org/stable/c/23bf155476539354ab5c8cc9bb460fd1209b39b5

https://git.kernel.org/stable/c/2ba5e47fb75fbb8fab45f5c1bc8d5c33d8834bd3

https://nvd.nist.gov/vuln/detail/CVE-2022-50066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50066

EUVD