CVE-2022-50030
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-13
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can cause buffer overflow crashes in the Linux kernel, potentially leading to system instability or denial of service if exploited through malformed input to debugfs in the lpfc driver.
What immediate steps should I take to mitigate this vulnerability?
Apply the latest Linux kernel updates that include the fix for this vulnerability to prevent buffer overflow crashes caused by malformed user input to debugfs.
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow issue in the Linux kernel's SCSI lpfc driver when handling malformed user input via debugfs. Specifically, malformed input strings can cause buffer overflow crashes because the input lengths were not properly adapted to fit within internal buffers, including space for NULL terminators. The vulnerability has been resolved by adjusting input string lengths to prevent these overflows.