CVE-2022-50636: Insufficient Control Flow Management in Linux

Severity: 5.8 MEDIUM (no vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_device_is_present() for VFs by checking PF

pci_device_is_present() previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead.

Wei Gong reported that if virtio I/O is in progress when the driver is unbound or "0" is written to /sys/.../sriov_numvfs, the virtio I/O operation hangs, which may result in output like th

Affected Packages (4 packages)

Linux | linux/linux_kernel | 3.13.0 | 4.14.303 | +6
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | 8496e85c20e7836b3dec97780e40f420a3ae2801 | f4b44c7766dae2b8681f621941cabe9f14066d59 | +8
debian | debian/linux | < linux 6.1.4-1 (bookworm)

Vulnerability Details (3)

OSV: PCI: Fix pci_device_is_present() for VFs by checking PF (2025-12-09)
GHSA: GHSA-m8h5-vf45-h85r: In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_device_is_present() for VFs by checking PF pci_device_is_present() (2025-12-09)
OSV: CVE-2022-50636: In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_device_is_present() for VFs by checking PF pci_device_is_present() pr (2025-12-09)

Vendor Advisories (2)

Red Hat: kernel: PCI: Fix pci_device_is_present() for VFs by checking PF (2025-12-09)
Debian: CVE-2022-50636: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pc... (2022)