-

CVE-2022-50756

EPSS 0.03%
Veröffentlicht 24.12.2025 13:05:49
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix mempool alloc size

Convert the max size to bytes to match the units of the divisor that
calculates the worst-case number of PRP entries.

The result is used to determine how many PRP Lists are required. The
code was previously rounding this to 1 list, but we can require 2 in the
worst case. In that scenario, the driver would corrupt memory beyond the
size provided by the mempool.

While unlikely to occur (you'd need a 4MB in exactly 127 phys segments
on a queue that doesn't support SGLs), this memory corruption has been
observed by kfence.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < dfb6d54893d544151e7f480bc44cfe7823f5ad23

Version 943e942e6266f22babee5efeb00f8f672fbff5bd

Status affected

Version < 9141144b37f30e3e7fa024bcfa0a13011e546ba9

Version 943e942e6266f22babee5efeb00f8f672fbff5bd

Status affected

Version < e1777b4286e526c58b4ee699344b0ad85aaf83a0

Version 943e942e6266f22babee5efeb00f8f672fbff5bd

Status affected

Version < b1814724e0d7162bdf4799f2d565381bc2251c63

Version 943e942e6266f22babee5efeb00f8f672fbff5bd

Status affected

Version < c89a529e823d51dd23c7ec0c047c7a454a428541

Version 943e942e6266f22babee5efeb00f8f672fbff5bd

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.18

Status affected

Version < 4.18

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.87

Status unaffected

Version <= 6.0.*

Version 6.0.17

Status unaffected

Version <= 6.1.*

Version 6.1.3

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/dfb6d54893d544151e7f480bc44cfe7823f5ad23

https://git.kernel.org/stable/c/9141144b37f30e3e7fa024bcfa0a13011e546ba9

https://git.kernel.org/stable/c/e1777b4286e526c58b4ee699344b0ad85aaf83a0

https://git.kernel.org/stable/c/b1814724e0d7162bdf4799f2d565381bc2251c63

https://git.kernel.org/stable/c/c89a529e823d51dd23c7ec0c047c7a454a428541

https://nvd.nist.gov/vuln/detail/CVE-2022-50756

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50756

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50756

EUVD