CVE-2022-50756
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-24

Last updated on: 2025-12-29

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was previously rounding this to 1 list, but we can require 2 in the worst case. In that scenario, the driver would corrupt memory beyond the size provided by the mempool. While unlikely to occur (you'd need a 4MB in exactly 127 phys segments on a queue that doesn't support SGLs), this memory corruption has been observed by kfence.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-29
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50756
EUVD
EUVD-2022-55805
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's nvme-pci driver where the calculation for memory pool allocation size was incorrect. The code converted the maximum size incorrectly, causing it to underestimate the number of PRP (Physical Region Page) lists needed. In some rare cases, this led to memory corruption beyond the allocated memory size, as the driver assumed only one PRP list was needed when two could be required. This memory corruption was detected by kfence.


How can this vulnerability impact me? :

The vulnerability can cause memory corruption in the Linux kernel's nvme-pci driver under very specific and unlikely conditions. This memory corruption could potentially lead to system instability, crashes, or security issues due to corrupted memory being accessed or overwritten.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart