CVE-2022-50756 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

5.9MEDIUM

No vector

EPSS

0.0%

top 92.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was previously rounding this to 1 list, but we can require 2 in the worst case. In that scenario, the driver would corrupt memory beyond the size provided by the mempool. While unlikely to occur (you'd n…

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.18.0 — 5.10.163+3

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux943e942e6266f22babee5efeb00f8f672fbff5bd — dfb6d54893d544151e7f480bc44cfe7823f5ad23+5

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2022-50756: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units↗2025-12-24

▶

OSV

nvme-pci: fix mempool alloc size↗2025-12-24

▶

GHSA

GHSA-j2wx-wqf4-px3j: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the unit↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: nvme-pci: fix mempool alloc size↗2025-12-24

▶

Debian

CVE-2022-50756: linux - In the Linux kernel, the following vulnerability has been resolved: nvme-pci: f...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50756 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶