CVE-2022-50717 — Improper Validation of Specified Index, Position, or Offset in Input in Linux

CWE-1285 — Improper Validation of Specified Index, Position, or Offset in Input7 documents6 sources

Severity

6.1MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.0.0 — 5.4.220+4

▶Debianlinux/linux_kernel< 5.10.158-1+3

▶CVEListV5linux/linux872d26a391da92ed8f0c0f5cb5fef428067b7f30 — 0d150ccd55dbfad36f55855b40b381884c98456e+6

▶debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

OSV

nvmet-tcp: add bounds check on Transfer Tag↗2025-12-24

▶

OSV

CVE-2022-50717: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in↗2025-12-24

▶

GHSA

GHSA-87xx-4gg4-q2mp: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: nvmet-tcp: add bounds check on Transfer Tag↗2025-12-24

▶

Debian

CVE-2022-50717: linux - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: ...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50717 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶