CVE-2022-50131
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow issue in the Linux kernel's HID driver for mcp2221 devices. Specifically, the function mcp_smbus_write() does not properly check the length of user-supplied data before copying it into a fixed-size buffer, which can lead to copying more data than the buffer can hold. This occurs because the 'len' variable, derived from user data, can be up to 255 bytes, but the buffer is smaller, causing a potential overflow. The fix involves adding a boundary check to prevent this overflow during the memcpy operation.
How can this vulnerability impact me? :
This buffer overflow vulnerability could potentially allow an attacker to overwrite adjacent memory in the kernel space, which may lead to system crashes, data corruption, or possibly privilege escalation if exploited. The exact impact depends on how the vulnerable function is used and the attacker's ability to supply crafted input to trigger the overflow.