5.5

CVE-2022-50271

EPSS 0.02%
Veröffentlicht 15.09.2025 14:21:07
Zuletzt bearbeitet 03.12.2025 18:18:35
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

vhost/vsock: Use kvmalloc/kvfree for larger packets.

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: Use kvmalloc/kvfree for larger packets.

When copying a large file over sftp over vsock, data size is usually 32kB,
and kmalloc seems to fail to try to allocate 32 32kB regions.

 vhost-5837: page allocation failure: order:4, mode:0x24040c0
 Call Trace:
  [<ffffffffb6a0df64>] dump_stack+0x97/0xdb
  [<ffffffffb68d6aed>] warn_alloc_failed+0x10f/0x138
  [<ffffffffb68d868a>] ? __alloc_pages_direct_compact+0x38/0xc8
  [<ffffffffb664619f>] __alloc_pages_nodemask+0x84c/0x90d
  [<ffffffffb6646e56>] alloc_kmem_pages+0x17/0x19
  [<ffffffffb6653a26>] kmalloc_order_trace+0x2b/0xdb
  [<ffffffffb66682f3>] __kmalloc+0x177/0x1f7
  [<ffffffffb66e0d94>] ? copy_from_iter+0x8d/0x31d
  [<ffffffffc0689ab7>] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock]
  [<ffffffffc06828d9>] vhost_worker+0xf7/0x157 [vhost]
  [<ffffffffb683ddce>] kthread+0xfd/0x105
  [<ffffffffc06827e2>] ? vhost_dev_set_owner+0x22e/0x22e [vhost]
  [<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
  [<ffffffffb6eb332e>] ret_from_fork+0x4e/0x80
  [<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3

Work around by doing kvmalloc instead.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

NVD 7 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.8 < 4.14.296

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.262

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.220

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.150

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.75

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.17

Linux ≫ Linux Kernel Version >= 6.0 < 6.0.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.041

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0d720c3f0a03e97867deab7e480ba3d3e19837ba

Patch

https://git.kernel.org/stable/c/7aac8c63f604e6a6a46560c0f0188cd0332cf320

Patch

https://git.kernel.org/stable/c/e6d0152c95108651f1880c1ddfab47cb9e3e62d0

Patch

https://git.kernel.org/stable/c/b4a5905fd2ef841cd61e969ea692c213c2e5c1f7

Patch

https://git.kernel.org/stable/c/e28a4e7f0296824c61a81e7fd54ab48bad3e75ad

Patch

https://git.kernel.org/stable/c/a99fc6d818161d6f1ff3307de8bf5237f6cc34d8

Patch

https://git.kernel.org/stable/c/36c9f340c60413e28f980c0224c4e9d35851526b

Patch

https://git.kernel.org/stable/c/0e3f72931fc47bb81686020cc643cde5d9cd0bb8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50271

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50271

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50271

EUVD