-

CVE-2022-50575

EPSS 0.04%
Veröffentlicht 22.10.2025 13:23:29
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()

In the Linux kernel, the following vulnerability has been resolved:

xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()

As 'kdata.num' is user-controlled data, if user tries to allocate
memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it
creates a stack trace and messes up dmesg with a warning.

Call trace:
-> privcmd_ioctl
--> privcmd_ioctl_mmap_resource

Add __GFP_NOWARN in order to avoid too large allocation warning.
This is detected by static analysis using smatch.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < 5d68ae32d132ea2af73bc223fd64c46f85302a8b

Status affected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < 4f983ee5e5de924d93a7bbb4e6f68f38c6256cd5

Status affected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < 46026bb057c35f5bb111bf95e00cd8366d2e34d4

Status affected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < 0bf874183b32eae2cc20e3c5be38ec3d33e7e564

Status affected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < e0c5f1058ed96f2b7487560c4c4cbd768d13d065

Status affected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < 4da411086f5ab32f811a89ef804980ec106ebb65

Status affected

Version 3ad0876554cafa368f574d4d408468510543e9ff

Version < 8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.18

Status affected

Version 0

Version < 4.18

Status unaffected

Version <= 4.19.*

Version 4.19.270

Status unaffected

Version <= 5.4.*

Version 5.4.229

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.86

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/5d68ae32d132ea2af73bc223fd64c46f85302a8b

https://git.kernel.org/stable/c/4f983ee5e5de924d93a7bbb4e6f68f38c6256cd5

https://git.kernel.org/stable/c/46026bb057c35f5bb111bf95e00cd8366d2e34d4

https://git.kernel.org/stable/c/0bf874183b32eae2cc20e3c5be38ec3d33e7e564

https://git.kernel.org/stable/c/e0c5f1058ed96f2b7487560c4c4cbd768d13d065

https://git.kernel.org/stable/c/4da411086f5ab32f811a89ef804980ec106ebb65

https://git.kernel.org/stable/c/8b997b2bb2c53b76a6db6c195930e9ab8e4b0c79

https://nvd.nist.gov/vuln/detail/CVE-2022-50575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50575

EUVD