-
CVE-2022-50394
- EPSS 0.04%
- Published 18.09.2025 13:33:12
- Last modified 19.09.2025 16:00:27
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismt_access() When the driver does not check the data from the user, the variable 'data->block[0]' may be very large to cause an out-of-bounds bug. The following log can reveal it: [ 33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20 [ 33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA: WRITE [ 33.996475] ================================================================== [ 33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b [ 33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485 [ 33.999450] Call Trace: [ 34.001849] memcpy+0x20/0x60 [ 34.002077] ismt_access.cold+0x374/0x214b [ 34.003382] __i2c_smbus_xfer+0x44f/0xfb0 [ 34.004007] i2c_smbus_xfer+0x10a/0x390 [ 34.004291] i2cdev_ioctl_smbus+0x2c8/0x710 [ 34.005196] i2cdev_ioctl+0x5ec/0x74c Fix this bug by checking the size of 'data->block[0]' first.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
4a7bb1d93addb2f67e36fed00a53cb7f270d7b7a
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
03b7ef7a6c5ca1ff553470166b4919db88b810f6
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
bfe41d966c860a8ad4c735639d616da270c92735
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
9ac541a0898e8ec187a3fa7024b9701cffae6bf2
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
96c12fd0ec74641295e1c3c34dea3dce1b6c3422
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
a642469d464b2780a25a49b51ae56623c65eac34
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
233348a04becf133283f0076e20b317302de21d9
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
Version <
39244cc754829bf707dccd12e2ce37510f5b1f8d
Version
13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
3.9
Status
affected
Version <
3.9
Version
0
Status
unaffected
Version <=
4.9.*
Version
4.9.337
Status
unaffected
Version <=
4.14.*
Version
4.14.303
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.127 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|