CVE-2022-50299: Integer Overflow or Wraparound in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 95.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

md: Replace snprintf with scnprintf

Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression "200 - len" to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written
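The return-value difference the description relies on, shown as an added userspace example (not the kernel's code and not part of the original patch). The helper scn() is a stand-in for the kernel's scnprintf(); remaining_after_join(), the device name "sdaa1" and the guard that stops before a wrapped size is used are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SZ 200 /* the "200" in the description */

/* Userspace stand-in for kernel scnprintf(): returns characters actually
 * stored (excluding the NUL), so the result is always < size. */
static size_t scn(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? size - 1 : (size_t)n;
}

/* Hypothetical helper: appends "name/" count times into a BUF_SZ buffer and
 * returns the "BUF_SZ - len" the next call would receive as its size. */
size_t remaining_after_join(const char *name, int count, int fixed)
{
    char buf[BUF_SZ];
    size_t len = 0;

    for (int i = 0; i < count; i++) {
        if (fixed) {
            len += scn(buf + len, BUF_SZ - len, "%s/", name);
        } else {
            int n = snprintf(buf + len, BUF_SZ - len, "%s/", name);
            len += (size_t)n; /* would-be length, even when truncated */
            if (len >= BUF_SZ)
                break; /* stop before passing a wrapped size to snprintf */
        }
    }
    return BUF_SZ - len; /* size_t arithmetic: wraps if len > BUF_SZ */
}

int main(void)
{
    printf("snprintf : %zu\n", remaining_after_join("sdaa1", 40, 0));
    printf("scnprintf: %zu\n", remaining_after_join("sdaa1", 40, 1));
    return 0;
}
```

With 40 constructed names of 6 characters each (240 in total), the snprintf() path ends with len = 204, so the next size argument wraps to SIZE_MAX - 3, while the scnprintf()-style path stays at len = 199 with 1 byte remaining.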

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: linux/linux_kernel 4.10 4.14.296 +6
Debian: linux/linux_kernel < 5.10.158-1 +3
CVEListV5: linux/linux 766038846e875740cf4c20dfc5d5b292ba47360a 3b0a2bd51f60418ecd67493586a2bb2174199de3 +8
debian: debian/linux < linux 6.0.3-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2022-50299: In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below (2025-09-15)
GHSA: GHSA-3v2j-cr7c-3qcm: In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown bel (2025-09-15)

📋 Vendor Advisories (2)

Red Hat: kernel: md: Replace snprintf with scnprintf (2025-09-15)
Debian: CVE-2022-50299: linux - In the Linux kernel, the following vulnerability has been resolved: md: Replace... (2022)