fkie_cve-2022-50301
Vulnerability from fkie_nvd
Published
2025-09-15 15:15
Modified
2025-09-15 15:22
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs There are two issues here: 1) The "len" variable needs to be checked before the very first write. Otherwise if omap2_iommu_dump_ctx() with "bytes" less than 32 it is a buffer overflow. 2) The snprintf() function returns the number of bytes that *would* have been copied if there were enough space. But we want to know the number of bytes which were *actually* copied so use scnprintf() instead.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0c7043a5b5c3b35f5dc8875757f71e7f491d64d4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/184233a5202786b20220acd2d04ddf909ef18f29
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2fee0dbfaeaaa4bda04279ce772c4572b1429d04
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4010a1afaae1c0fb9c2cac5de703bed29b1f1782
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/648472df221f2bbffb433b964bcb87baccc586d8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/706e359cf046c142db290244c3f4938b20fbe805
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9814cc350e0765ce69244bf55ae4c8b29facd27e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bd0438f534b2e31b12f0b39b355c5dc2bbdaf854
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ec53b99b6b9da8b501f001595a6260c03b42d5b7
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/omap: Fix buffer overflow in debugfs\n\nThere are two issues here:\n\n1) The \"len\" variable needs to be checked before the very first write.\n   Otherwise if omap2_iommu_dump_ctx() with \"bytes\" less than 32 it is a\n   buffer overflow.\n2) The snprintf() function returns the number of bytes that *would* have\n   been copied if there were enough space.  But we want to know the\n   number of bytes which were *actually* copied so use scnprintf()\n   instead."
    }
  ],
  "id": "CVE-2022-50301",
  "lastModified": "2025-09-15T15:22:27.090",
  "metrics": {},
  "published": "2025-09-15T15:15:41.597",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0c7043a5b5c3b35f5dc8875757f71e7f491d64d4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/184233a5202786b20220acd2d04ddf909ef18f29"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2fee0dbfaeaaa4bda04279ce772c4572b1429d04"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4010a1afaae1c0fb9c2cac5de703bed29b1f1782"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/648472df221f2bbffb433b964bcb87baccc586d8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/706e359cf046c142db290244c3f4938b20fbe805"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9814cc350e0765ce69244bf55ae4c8b29facd27e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bd0438f534b2e31b12f0b39b355c5dc2bbdaf854"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ec53b99b6b9da8b501f001595a6260c03b42d5b7"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.