CVE-2022-50778: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read (7 documents, 6 sources)

Severity: 3.3 LOW (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL

With CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's (CTS) android.hardware.input.cts.tests. This is stemming from a strlen() call in hidinput_allocate(). __compiletime_strlen() is implemented in terms of __builtin_object_size(), then does an array access to check for NUL-termina

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.16.0 | 5.19.17 | +1
Debian | linux/linux_kernel | < 6.0.3-1 | +2
CVEListV5 | linux/linux | 3009f891bb9f328945ebd5b71e12df7e2467f3dd | ed42391164e6839a48aaf4c53eefda516835e799 | +3
debian | debian/linux | < linux 6.0.3-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-h2v3-h25x-63cp: In the Linux kernel, the following vulnerability has been resolved: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL With CONFIG_FORTIFY (2025-12-24)
OSV: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (2025-12-24)
OSV: CVE-2022-50778: In the Linux kernel, the following vulnerability has been resolved: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL With CONFIG_FORTIFY=y (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (2025-12-24)
Debian: CVE-2022-50778: linux - In the Linux kernel, the following vulnerability has been resolved: fortify: Fi... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50778 Impact, Exploitability, and Mitigation Steps | Wiz