CVE-2022-50255

EPSS 0.02%
Veröffentlicht 15.09.2025 14:02:37
Zuletzt bearbeitet 15.09.2025 15:21:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix reading strings from synthetic events

The follow commands caused a crash:

  # cd /sys/kernel/tracing
  # echo 's:open char file[]' > dynamic_events
  # echo 'hist:keys=common_pid:file=filename:onchange($file).trace(open,$file)' > events/syscalls/sys_enter_openat/trigger'
  # echo 1 > events/synthetic/open/enable

BOOM!

The problem is that the synthetic event field "char file[]" will read
the value given to it as a string without any memory checks to make sure
the address is valid. The above example will pass in the user space
address and the sythetic event code will happily call strlen() on it
and then strscpy() where either one will cause an oops when accessing
user space addresses.

Use the helper functions from trace_kprobe and trace_eprobe that can
read strings safely (and actually succeed when the address is from user
space and the memory is mapped in).

Now the above can show:

     packagekitd-1721    [000] ...2.   104.597170: open: file=/usr/lib/rpm/fileattrs/cmake.attr
    in:imjournal-978     [006] ...2.   104.599642: open: file=/var/lib/rsyslog/imjournal.state.tmp
     packagekitd-1721    [000] ...2.   104.626308: open: file=/usr/lib/rpm/fileattrs/debuginfo.attr

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d9c79fbcbdb6cb10c07c85040eaf615180b26c48

Version bd82631d7ccdc894af2738e47abcba2cb6e7dea9

Status affected

Version < 149198d0b884e4606ed1d29b330c70016d878276

Version bd82631d7ccdc894af2738e47abcba2cb6e7dea9

Status affected

Version < f8bae1853196b52ede50950387f5b48cf83b9815

Version bd82631d7ccdc894af2738e47abcba2cb6e7dea9

Status affected

Version < 0934ae9977c27133449b6dd8c6213970e7eece38

Version bd82631d7ccdc894af2738e47abcba2cb6e7dea9

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.10

Status affected

Version < 5.10

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/d9c79fbcbdb6cb10c07c85040eaf615180b26c48

https://git.kernel.org/stable/c/149198d0b884e4606ed1d29b330c70016d878276

https://git.kernel.org/stable/c/f8bae1853196b52ede50950387f5b48cf83b9815

https://git.kernel.org/stable/c/0934ae9977c27133449b6dd8c6213970e7eece38

https://nvd.nist.gov/vuln/detail/CVE-2022-50255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50255

EUVD