CVE-2022-50255
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-11-25
Assigner: kernel.org
Description
In the Linux kernel's tracing subsystem, a synthetic event string field (for example `char file[]`) copied the value it was handed with strlen() and strscpy() without checking that the source address was readable. A histogram trigger can pass a user-space pointer into such a field (for example the `filename` argument of openat), and dereferencing it directly makes the kernel oops. The fix reads synthetic event strings through the fault-safe helpers already used by trace_kprobe and trace_eprobe.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inclusive) to 5.16 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's tracing subsystem and concerns how synthetic events read string fields. A synthetic event with a string field such as `char file[]` copied whatever value it was handed without checking that the address was readable: the synthetic event code called strlen() on the pointer and then strscpy() to copy it. A histogram trigger can feed such a field a pointer taken straight from a syscall argument (the `filename` argument of openat is a user-space address), so either call faults on memory the kernel cannot dereference directly and the kernel oopses. The fix replaces the raw strlen()/strscpy() with the fault-safe string helpers already used by trace_kprobe and trace_eprobe, which read the string correctly whether the source is kernel or user memory.
How can this vulnerability impact me?
Triggering the bug crashes the kernel (an oops), so the impact is denial of service: the host becomes unstable or needs a reboot. Exploitation requires write access to the tracefs interface (/sys/kernel/tracing), which is restricted to root by default, so on a default configuration this is a local denial of service by an already privileged user rather than a remote attack. It matters more on systems where tracefs has been made writable by less privileged users. The page classifies it as an out-of-bounds read (CWE-125); nothing here indicates an impact beyond the crash.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the crash, which by definition takes down a vulnerable host, so run the test only on a throwaway VM booting the same kernel. As root, with tracefs mounted:

```sh
cd /sys/kernel/tracing
echo 's:open char file[]' > dynamic_events
echo 'hist:keys=common_pid:file=filename:onchange($file).trace(open,$file)' > events/syscalls/sys_enter_openat/trigger
echo 1 > events/synthetic/open/enable
```

The first command defines a synthetic event `open` with a string field `file`; the second attaches a histogram trigger to sys_enter_openat that stores the user-space `filename` argument in `$file` and fires the synthetic event whenever it changes; the third enables the synthetic event. The next openat() on the system then exercises the bug: a vulnerable kernel oopses, while a fixed kernel records the filenames in the `trace` file. For a non-destructive check, compare `uname -r` with the affected range above and with your distribution's advisory, bearing in mind that distributions backport fixes without changing the upstream version number.
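A guarded form of that procedure, as an added example that is not part of the BaseFortify page or of the kernel project's own tooling: it checks the running kernel against the range listed in the table above (assumed here to be accurate, which distribution backports make uncertain), runs the crash reproducer only when the operator sets `DISPOSABLE_HOST=yes`, and on a fixed kernel tears the trigger and the synthetic event down again. The `DISPOSABLE_HOST` variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the BaseFortify page or the Linux kernel project:
# a guarded wrapper around the reproduction steps above.

# Range from the "Affected Vendors & Products" table above. Distributions
# backport fixes without bumping this number, so treat it as a hint only.
AFFECTED_LOW=5.15.160
AFFECTED_HIGH=5.16

# kver_lt A B: succeeds (exit 0) when dotted version A is strictly less than B.
# Non-numeric suffixes such as "-generic" are ignored; missing components count as 0.
kver_lt() {
  a=${1%%[!0-9.]*}
  b=${2%%[!0-9.]*}
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    if [ "$x" = "$a" ]; then a=''; else a=${a#*.}; fi
    if [ "$y" = "$b" ]; then b=''; else b=${b#*.}; fi
    x=${x:-0}; y=${y:-0}
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
  done
  return 1
}

# in_range LOW HIGH VERSION: succeeds when LOW <= VERSION <= HIGH.
in_range() {
  ! kver_lt "$3" "$1" && ! kver_lt "$2" "$3"
}

# version_check: non-destructive check of the running kernel against the
# listed range. Returns 0 when inside the range, 1 otherwise.
version_check() {
  v=$(uname -r)
  if in_range "$AFFECTED_LOW" "$AFFECTED_HIGH" "$v"; then
    echo "kernel $v is inside the listed affected range; confirm with your distribution's advisory"
    return 0
  fi
  echo "kernel $v is outside the listed affected range (it may still be affected if the range is incomplete)"
  return 1
}

# reproduce: run the page's commands with preconditions and cleanup.
# Returns 2 when a precondition fails. On a vulnerable kernel the host oopses
# before this function returns, which is why it insists on a disposable host.
reproduce() {
  t=/sys/kernel/tracing
  [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 2; }
  [ -w "$t/dynamic_events" ] || { echo "tracefs not mounted at $t, or synthetic events unsupported" >&2; return 2; }
  [ -d "$t/events/syscalls/sys_enter_openat" ] || { echo "syscall tracepoints unavailable" >&2; return 2; }
  [ "$DISPOSABLE_HOST" = yes ] || { echo "refusing: export DISPOSABLE_HOST=yes only on a throwaway VM" >&2; return 2; }
  trigger='hist:keys=common_pid:file=filename:onchange($file).trace(open,$file)'
  echo 's:open char file[]' > "$t/dynamic_events"
  echo "$trigger" > "$t/events/syscalls/sys_enter_openat/trigger"
  echo 1 > "$t/events/synthetic/open/enable"
  # Any openat() now fires the trigger; a vulnerable kernel oopses here.
  cat /proc/version > /dev/null
  echo "kernel survived; synthetic 'open' events recorded in trace:"
  grep -c ' open:' "$t/trace" || true
  # Tear down in reverse order: the event cannot be removed while a trigger uses it.
  echo 0 > "$t/events/synthetic/open/enable"
  echo "!$trigger" > "$t/events/syscalls/sys_enter_openat/trigger"
  echo '-:open' > "$t/dynamic_events"
}
```

Run `version_check` anywhere; run `reproduce` only on a VM you are prepared to lose. Removal uses the standard tracefs forms: a hist trigger is removed by echoing the same string prefixed with `!`, and a dynamic event by `-:` followed by its name.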
What immediate steps should I take to mitigate this vulnerability?
Until the kernel is updated, do not create synthetic events whose string fields are fed pointers taken from syscall arguments or other user-space addresses (the `char file[]` pattern in the example above), and keep tracefs restricted to root, which is its default. The real fix is a kernel that reads synthetic event strings through the fault-safe helpers from trace_kprobe and trace_eprobe; update to a kernel that contains it, checking the affected range above against your distribution's advisory rather than relying on the upstream version number alone.