-
CVE-2022-50315
- EPSS 0.03%
- Veröffentlicht 15.09.2025 14:46:10
- Zuletzt bearbeitet 15.09.2025 15:22:27
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS UBSAN complains about array-index-out-of-bounds: [ 1.980703] kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 [ 1.980709] kernel: index 15 is out of range for type 'ahci_em_priv [8]' [ 1.980713] kernel: CPU: 0 PID: 209 Comm: scsi_eh_8 Not tainted 5.15.0-25-generic #25-Ubuntu [ 1.980716] kernel: Hardware name: System manufacturer System Product Name/P5Q3, BIOS 1102 06/11/2010 [ 1.980718] kernel: Call Trace: [ 1.980721] kernel: <TASK> [ 1.980723] kernel: show_stack+0x52/0x58 [ 1.980729] kernel: dump_stack_lvl+0x4a/0x5f [ 1.980734] kernel: dump_stack+0x10/0x12 [ 1.980736] kernel: ubsan_epilogue+0x9/0x45 [ 1.980739] kernel: __ubsan_handle_out_of_bounds.cold+0x44/0x49 [ 1.980742] kernel: ahci_qc_issue+0x166/0x170 [libahci] [ 1.980748] kernel: ata_qc_issue+0x135/0x240 [ 1.980752] kernel: ata_exec_internal_sg+0x2c4/0x580 [ 1.980754] kernel: ? vprintk_default+0x1d/0x20 [ 1.980759] kernel: ata_exec_internal+0x67/0xa0 [ 1.980762] kernel: sata_pmp_read+0x8d/0xc0 [ 1.980765] kernel: sata_pmp_read_gscr+0x3c/0x90 [ 1.980768] kernel: sata_pmp_attach+0x8b/0x310 [ 1.980771] kernel: ata_eh_revalidate_and_attach+0x28c/0x4b0 [ 1.980775] kernel: ata_eh_recover+0x6b6/0xb30 [ 1.980778] kernel: ? ahci_do_hardreset+0x180/0x180 [libahci] [ 1.980783] kernel: ? ahci_stop_engine+0xb0/0xb0 [libahci] [ 1.980787] kernel: ? ahci_do_softreset+0x290/0x290 [libahci] [ 1.980792] kernel: ? trace_event_raw_event_ata_eh_link_autopsy_qc+0xe0/0xe0 [ 1.980795] kernel: sata_pmp_eh_recover.isra.0+0x214/0x560 [ 1.980799] kernel: sata_pmp_error_handler+0x23/0x40 [ 1.980802] kernel: ahci_error_handler+0x43/0x80 [libahci] [ 1.980806] kernel: ata_scsi_port_error_handler+0x2b1/0x600 [ 1.980810] kernel: ata_scsi_error+0x9c/0xd0 [ 1.980813] kernel: scsi_error_handler+0xa1/0x180 [ 1.980817] kernel: ? scsi_unjam_host+0x1c0/0x1c0 [ 1.980820] kernel: kthread+0x12a/0x150 [ 1.980823] kernel: ? set_kthread_struct+0x50/0x50 [ 1.980826] kernel: ret_from_fork+0x22/0x30 [ 1.980831] kernel: </TASK> This happens because sata_pmp_init_links() initialize link->pmp up to SATA_PMP_MAX_PORTS while em_priv is declared as 8 elements array. I can't find the maximum Enclosure Management ports specified in AHCI spec v1.3.1, but "12.2.1 LED message type" states that "Port Multiplier Information" can utilize 4 bits, which implies it can support up to 16 ports. Hence, use SATA_PMP_MAX_PORTS as EM_MAX_SLOTS to resolve the issue. BugLink: https://bugs.launchpad.net/bugs/1970074
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
f70bd4339cb68bc7e206af4c922bc0d249244403
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
da2ea4a961d9f89ed248734e7032350c260dc3a3
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
67a00c299c5c143817c948fbc7de1a2fa1af38fb
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
383b7c50f5445ff8dbbf03080905648d6980c39d
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
303d0f761431d848dd8d7ff9fd9b8c101879cabe
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
8fbe13de1cc7cef2564be3cbf60400b33eee023b
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
d6314d5f68764550c84d732ce901ddd3ac6b415f
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
1e41e693f458eef2d5728207dbd327cd3b16580a
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version <=
4.9.*
Version
4.9.332
Status
unaffected
Version <=
4.14.*
Version
4.14.298
Status
unaffected
Version <=
4.19.*
Version
4.19.264
Status
unaffected
Version <=
5.4.*
Version
5.4.221
Status
unaffected
Version <=
5.10.*
Version
5.10.152
Status
unaffected
Version <=
5.15.*
Version
5.15.76
Status
unaffected
Version <=
6.0.*
Version
6.0.6
Status
unaffected
Version <=
*
Version
6.1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.078 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|