CVE-2022-50239

EPSS 0.02%
Published 15.09.2025 14:01:43
Last modified 15.09.2025 15:21:42
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: qcom: fix writes in read-only memory region

This commit fixes a kernel oops because of a write in some read-only memory:

	[    9.068287] Unable to handle kernel write to read-only memory at virtual address ffff800009240ad8
	..snip..
	[    9.138790] Internal error: Oops: 9600004f [#1] PREEMPT SMP
	..snip..
	[    9.269161] Call trace:
	[    9.276271]  __memcpy+0x5c/0x230
	[    9.278531]  snprintf+0x58/0x80
	[    9.282002]  qcom_cpufreq_msm8939_name_version+0xb4/0x190
	[    9.284869]  qcom_cpufreq_probe+0xc8/0x39c
	..snip..

The following line defines a pointer that point to a char buffer stored
in read-only memory:

	char *pvs_name = "speedXX-pvsXX-vXX";

This pointer is meant to hold a template "speedXX-pvsXX-vXX" where the
XX values get overridden by the qcom_cpufreq_krait_name_version function. Since
the template is actually stored in read-only memory, when the function
executes the following call we get an oops:

	snprintf(*pvs_name, sizeof("speedXX-pvsXX-vXX"), "speed%d-pvs%d-v%d",
		 speed, pvs, pvs_ver);

To fix this issue, we instead store the template name onto the stack by
using the following syntax:

	char pvs_name_buffer[] = "speedXX-pvsXX-vXX";

Because the `pvs_name` needs to be able to be assigned to NULL, the
template buffer is stored in the pvs_name_buffer and not under the
pvs_name variable.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 794ded0bc461287a268bed21fea2eebb6e5d232c

Version a8811ec764f95a04ba82f6f457e28c5e9e36e36b

Status affected

Version < 14d260f94ff89543597ffea13db8b277a810e08e

Version a8811ec764f95a04ba82f6f457e28c5e9e36e36b

Status affected

Version < b74ee4e301ca01e431e240c046173332966e2431

Version a8811ec764f95a04ba82f6f457e28c5e9e36e36b

Status affected

Version < 01039fb8e90c9cb684430414bff70cea9eb168c5

Version a8811ec764f95a04ba82f6f457e28c5e9e36e36b

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.7

Status affected

Version < 5.7

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.152

Status unaffected

Version <= 5.15.*

Version 5.15.76

Status unaffected

Version <= 6.0.*

Version 6.0.6

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/794ded0bc461287a268bed21fea2eebb6e5d232c

https://git.kernel.org/stable/c/14d260f94ff89543597ffea13db8b277a810e08e

https://git.kernel.org/stable/c/b74ee4e301ca01e431e240c046173332966e2431

https://git.kernel.org/stable/c/01039fb8e90c9cb684430414bff70cea9eb168c5

https://nvd.nist.gov/vuln/detail/CVE-2022-50239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50239

EUVD