CVE-2022-50058
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-13

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

vdpa_sim_blk: set number of address spaces and virtqueue groups

Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk.

When creating a new vdpa_sim_blk device this causes the kernel to panic in this way:

    $ vdpa dev add mgmtdev vdpasim_blk name blk0
    BUG: kernel NULL pointer dereference, address: 0000000000000030
    ...
    RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb]
    ...
    Call Trace:
     <TASK>
     vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb]
     vdpasim_map_range+0x91/0xd0 [vdpa_sim]
     vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim]
     ...

This happens because vdpasim->iommu[0] is not initialized when dev_attr.nas is 0.

Let's fix this issue by initializing both (nas, ngroups) to 1 for vdpa_sim_blk.
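A simplified user-space C model of the failure described above, added here as an illustration and not taken from the kernel source. The names sim_dev, iotlb, sim_create, sim_map_range and the validate flag are hypothetical; the upstream fix sets nas and ngroups to 1 for vdpa_sim_blk, while the validation shown is an additional defensive check assumed for the example.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel structures named in the description. */
struct iotlb { unsigned long start, last; int used; };
struct dev_attr { unsigned int nas; unsigned int ngroups; };
struct sim_dev { struct dev_attr attr; struct iotlb *iommu; };

/* Device creation: one IOTLB per address space. With validate == 0 this
 * mirrors the defect (nas == 0 means iommu[0] never exists); with
 * validate != 0 incomplete attributes are rejected before any allocation. */
static int sim_create(struct sim_dev *d, struct dev_attr attr, int validate)
{
    if (validate && (attr.nas == 0 || attr.ngroups == 0))
        return -EINVAL;
    d->attr = attr;
    d->iommu = attr.nas ? calloc(attr.nas, sizeof(*d->iommu)) : NULL;
    if (attr.nas && !d->iommu)
        return -ENOMEM;
    return 0;
}

/* Mapping step, modelled on the vdpasim_map_range frame in the trace.
 * The description says iommu[0] is not initialized when nas is 0; the
 * model returns -EFAULT at the point where the kernel faulted. */
static int sim_map_range(struct sim_dev *d, unsigned long start,
                         unsigned long last)
{
    if (d->iommu == NULL)
        return -EFAULT;
    d->iommu[0].start = start;
    d->iommu[0].last = last;
    d->iommu[0].used = 1;
    return 0;
}

/* Create a device and perform its first mapping; return the first error. */
static int sim_add_device(struct dev_attr attr, int validate)
{
    struct sim_dev d = {0};
    int rc = sim_create(&d, attr, validate);
    if (rc == 0)
        rc = sim_map_range(&d, 0, 4095);
    free(d.iommu);
    return rc;
}
```

With nas left at 0 and no validation, the first mapping fails; with nas and ngroups set to 1, as in the fix, device creation and mapping both succeed.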
Meta Information
Published: 2025-06-18
Last Modified: 2025-11-13
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
CWE ID | Description
CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's vdpa_sim_blk device where two new fields (nas and ngroups) were added but not initialized. When creating a new vdpa_sim_blk device, this lack of initialization causes a NULL pointer dereference leading to a kernel panic. Specifically, vdpasim->iommu[0] is not initialized when dev_attr.nas is 0, causing the kernel to crash.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to panic (crash) when a new vdpa_sim_blk device is created, leading to system instability or downtime. This could disrupt services running on affected systems and potentially cause data loss or require system reboots.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix which initializes the nas and ngroups fields to 1 for vdpa_sim_blk devices. Avoid creating new vdpa_sim_blk devices until the kernel is patched, as creating such devices can cause a kernel panic due to uninitialized fields.

