CVE-2022-50828: Linux vulnerability

7 documents, 6 sources

Severity: N/A (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: zynqmp: Fix stack-out-of-bounds in strncpy`

"BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68"

Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL character will not be received by Linux. Add explicit NULL character at last byte to fix issues when clock name is longer.

This fixes below bug reported by KASAN:

BUG: KASAN: stack-out-of-bounds in strn

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.2.0 | 5.4.220 | +4
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | 5852b1365df4414523210e444ac7df1dec09acb4 | 5dbfcf7b080306b65d9f756fadf46c9495793750 | +6
debian | debian/linux | < linux 6.0.3-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: clk: zynqmp: Fix stack-out-of-bounds in strncpy` (2025-12-30)
OSV: CVE-2022-50828: In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy` "BUG: KASAN: stack-out-of-bounds (2025-12-30)
GHSA: GHSA-m8pm-m36r-6prw: In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy` "BUG: KASAN: stack-out-of-bound (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: clk: zynqmp: Fix stack-out-of-bounds in strncpy` (2025-12-30)
Debian: CVE-2022-50828: linux - In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50828 Impact, Exploitability, and Mitigation Steps | Wiz