CVE-2022-50717
Out-of-Bounds Access in Linux nvmet-tcp Resolved
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's nvmet-tcp component involves the lack of a bounds check on the Transfer Tag (ttag) used as an index to access a command in the function nvmet_tcp_handle_h2c_data_pdu(). Without this bounds check, there is a risk of out-of-bounds access, which could lead to unexpected behavior or potential security issues. The vulnerability was resolved by adding the necessary bounds check to prevent such out-of-bounds access.
How can this vulnerability impact me? :
The vulnerability could allow out-of-bounds memory access in the Linux kernel's nvmet-tcp component, which might lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service. The exact impact depends on the context in which the vulnerable code is used.