CVE-2022-50621 — Trust Boundary Violation in Linux

CWE-501 — Trust Boundary Violation6 documents5 sources

Severity

6.0MEDIUM

No vector

EPSS

0.0%

top 89.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement Verity targets can be configured to ignore corrupted data blocks. LoadPin must only trust verity targets that are configured to perform some kind of enforcement when data corruption is detected, like returning an error, restarting the system or triggering a panic.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.0.0 — 6.0.3

▶Debianlinux/linux_kernel< 6.0.3-1+2

▶CVEListV5linux/linuxb6c1c5745ccc68ac5d57c7ffb51ea25a86d0e97b — cb1f5b76e39d86c98722696bdf632987aa777b83+2

▶debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2022-50621: In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement Verity targets can↗2025-12-08

▶

OSV

dm: verity-loadpin: Only trust verity targets with enforcement↗2025-12-08

▶

GHSA

GHSA-j7cr-m6w2-c634: In the Linux kernel, the following vulnerability has been resolved: dm: verity-loadpin: Only trust verity targets with enforcement Verity targets ca↗2025-12-08

▶

📋Vendor Advisories

Red Hat

kernel: dm: verity-loadpin: Only trust verity targets with enforcement↗2025-12-08

▶

Debian

CVE-2022-50621: linux - In the Linux kernel, the following vulnerability has been resolved: dm: verity-...↗2022

▶