CVE-2022-50657
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that adds the missing memcpy in kasan_init to ensure that the kasan shadow region is properly initialized and to avoid page faults during kasan_populate. This involves updating the Linux kernel to a version that includes this fix.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves a missing memcpy operation during the kasan_init process for riscv architectures. Specifically, when kasan_populate allocates new base_pud/base_p4d structures, it should copy the content of kasan_early_shadow_{pud, p4d} to avoid page faults when accessing the kasan shadow region. The missing memcpy could cause a kernel panic due to page faults when reading or writing to this shadow memory.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to panic (crash) on riscv architectures when Kernel Address Sanitizer (KASAN) is enabled, due to page faults in the kasan shadow memory region. This could lead to system instability or downtime.