CVE-2022-50117

EPSS 0.03%
Published 18.06.2025 11:02:47
Last modified 18.06.2025 13:47:40
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

vfio: Split migration ops from main device ops

vfio core checks whether the driver sets some migration op (e.g.
set_state/get_state) and accordingly calls its op.

However, currently mlx5 driver sets the above ops without regards to its
migration caps.

This might lead to unexpected usage/Oops if user space may call to the
above ops even if the driver doesn't support migration. As for example,
the migration state_mutex is not initialized in that case.

The cleanest way to manage that seems to split the migration ops from
the main device ops, this will let the driver setting them separately
from the main ops when it's applicable.

As part of that, validate ops construction on registration and include a
check for VFIO_MIGRATION_STOP_COPY since the uAPI claims it must be set
in migration_flags.

HISI driver was changed as well to match this scheme.

This scheme may enable down the road to come with some extra group of
ops (e.g. DMA log) that can be set without regards to the other options
based on driver caps.

Affected products Warnungen 0 Metrics 1 CWE 0 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < bba6b12d73d36e0ddbc2c3ac5668a667b00d4345

Version 6fadb021266d03c5fd7bca2cfa1607efd246dad1

Status affected

Version < 6e97eba8ad8748fabb795cffc5d9e1a7dcfd7367

Version 6fadb021266d03c5fd7bca2cfa1607efd246dad1

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/bba6b12d73d36e0ddbc2c3ac5668a667b00d4345

https://git.kernel.org/stable/c/6e97eba8ad8748fabb795cffc5d9e1a7dcfd7367

https://nvd.nist.gov/vuln/detail/CVE-2022-50117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50117

EUVD