CVE-2022-50301
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 3.19 (inc) to 4.9.331 (exc) |
| linux | linux_kernel | From 4.10 (inc) to 4.14.296 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.262 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.220 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.150 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.75 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the Linux kernel's iommu/omap debugfs code. It occurs because the 'len' variable is not checked before the first write operation, which can lead to a buffer overflow if the function omap2_iommu_dump_ctx() is called with 'bytes' less than 32. Additionally, the code incorrectly uses snprintf() which returns the number of bytes that would have been copied, rather than the actual number copied, so it should use scnprintf() instead.
How can this vulnerability impact me? :
This vulnerability can lead to a buffer overflow in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges.