-

CVE-2022-50271

EPSS 0.03%
Published 15.09.2025 14:21:07
Last modified 15.09.2025 15:22:27
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: Use kvmalloc/kvfree for larger packets.

When copying a large file over sftp over vsock, data size is usually 32kB,
and kmalloc seems to fail to try to allocate 32 32kB regions.

 vhost-5837: page allocation failure: order:4, mode:0x24040c0
 Call Trace:
  [<ffffffffb6a0df64>] dump_stack+0x97/0xdb
  [<ffffffffb68d6aed>] warn_alloc_failed+0x10f/0x138
  [<ffffffffb68d868a>] ? __alloc_pages_direct_compact+0x38/0xc8
  [<ffffffffb664619f>] __alloc_pages_nodemask+0x84c/0x90d
  [<ffffffffb6646e56>] alloc_kmem_pages+0x17/0x19
  [<ffffffffb6653a26>] kmalloc_order_trace+0x2b/0xdb
  [<ffffffffb66682f3>] __kmalloc+0x177/0x1f7
  [<ffffffffb66e0d94>] ? copy_from_iter+0x8d/0x31d
  [<ffffffffc0689ab7>] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock]
  [<ffffffffc06828d9>] vhost_worker+0xf7/0x157 [vhost]
  [<ffffffffb683ddce>] kthread+0xfd/0x105
  [<ffffffffc06827e2>] ? vhost_dev_set_owner+0x22e/0x22e [vhost]
  [<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
  [<ffffffffb6eb332e>] ret_from_fork+0x4e/0x80
  [<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3

Work around by doing kvmalloc instead.

Affected products Warnungen 0 Metrics 1 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 0d720c3f0a03e97867deab7e480ba3d3e19837ba

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < 7aac8c63f604e6a6a46560c0f0188cd0332cf320

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < e6d0152c95108651f1880c1ddfab47cb9e3e62d0

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < b4a5905fd2ef841cd61e969ea692c213c2e5c1f7

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < e28a4e7f0296824c61a81e7fd54ab48bad3e75ad

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < a99fc6d818161d6f1ff3307de8bf5237f6cc34d8

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < 36c9f340c60413e28f980c0224c4e9d35851526b

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

Version < 0e3f72931fc47bb81686020cc643cde5d9cd0bb8

Version 433fc58e6bf2c8bd97e57153ed28e64fd78207b8

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 4.8

Status affected

Version < 4.8

Version 0

Status unaffected

Version <= 4.14.*

Version 4.14.296

Status unaffected

Version <= 4.19.*

Version 4.19.262

Status unaffected

Version <= 5.4.*

Version 5.4.220

Status unaffected

Version <= 5.10.*

Version 5.10.150

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/0d720c3f0a03e97867deab7e480ba3d3e19837ba

https://git.kernel.org/stable/c/7aac8c63f604e6a6a46560c0f0188cd0332cf320

https://git.kernel.org/stable/c/e6d0152c95108651f1880c1ddfab47cb9e3e62d0

https://git.kernel.org/stable/c/b4a5905fd2ef841cd61e969ea692c213c2e5c1f7

https://git.kernel.org/stable/c/e28a4e7f0296824c61a81e7fd54ab48bad3e75ad

https://git.kernel.org/stable/c/a99fc6d818161d6f1ff3307de8bf5237f6cc34d8

https://git.kernel.org/stable/c/36c9f340c60413e28f980c0224c4e9d35851526b

https://git.kernel.org/stable/c/0e3f72931fc47bb81686020cc643cde5d9cd0bb8

https://nvd.nist.gov/vuln/detail/CVE-2022-50271

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50271

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50271

EUVD