-

CVE-2022-50206

EPSS 0.04%
Veröffentlicht 18.06.2025 11:03:46
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

arm64: fix oops in concurrently setting insn_emulation sysctls

emulation_proc_handler() changes table->data for proc_dointvec_minmax
and can generate the following Oops if called concurrently with itself:

 | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
 | Internal error: Oops: 96000006 [#1] SMP
 | Call trace:
 | update_insn_emulation_mode+0xc0/0x148
 | emulation_proc_handler+0x64/0xb8
 | proc_sys_call_handler+0x9c/0xf8
 | proc_sys_write+0x18/0x20
 | __vfs_write+0x20/0x48
 | vfs_write+0xe4/0x1d0
 | ksys_write+0x70/0xf8
 | __arm64_sys_write+0x20/0x28
 | el0_svc_common.constprop.0+0x7c/0x1c0
 | el0_svc_handler+0x2c/0xa0
 | el0_svc+0x8/0x200

To fix this issue, keep the table->data as &insn->current_mode and
use container_of() to retrieve the insn pointer. Another mutex is
used to protect against the current_mode update but not for retrieving
insn_emulation as table->data is no longer changing.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 9d5fec6ba2e4117d196a8259ab54615ffe562460

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < b51881b1da57fe9877125dfdd0aac5172958fcfd

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 04549063d5701976034d8c2bfda3d3a8cbf0409f

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 353b4673d01c512303c45cf2346f630cda73b5c9

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < cc69ef95988b9ef2fc730ec452a7441efb90ef5e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6a2fd114678d7fc1b5a0f8865ae98f1c17787455

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 07022e07017ee5540f5559b0aeb916e8383c1e1a

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < af483947d472eccb79e42059276c4deed76f99a6

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.291

Status unaffected

Version <= 4.19.*

Version 4.19.256

Status unaffected

Version <= 5.4.*

Version 5.4.211

Status unaffected

Version <= 5.10.*

Version 5.10.137

Status unaffected

Version <= 5.15.*

Version 5.15.61

Status unaffected

Version <= 5.18.*

Version 5.18.18

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/9d5fec6ba2e4117d196a8259ab54615ffe562460

https://git.kernel.org/stable/c/b51881b1da57fe9877125dfdd0aac5172958fcfd

https://git.kernel.org/stable/c/04549063d5701976034d8c2bfda3d3a8cbf0409f

https://git.kernel.org/stable/c/353b4673d01c512303c45cf2346f630cda73b5c9

https://git.kernel.org/stable/c/cc69ef95988b9ef2fc730ec452a7441efb90ef5e

https://git.kernel.org/stable/c/6a2fd114678d7fc1b5a0f8865ae98f1c17787455

https://git.kernel.org/stable/c/07022e07017ee5540f5559b0aeb916e8383c1e1a

https://git.kernel.org/stable/c/af483947d472eccb79e42059276c4deed76f99a6

https://nvd.nist.gov/vuln/detail/CVE-2022-50206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50206

EUVD