CVE-2022-50040

Severity: High · CVSS 3.1: 7.8 · EPSS: 13.1%
Published: Jun 18, 2025 · Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()

If an error occurs in dsa_devlink_region_create(), then 'priv->regions' array will be accessed by negative index '-1'.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
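The failure mode in the description, as an added illustration (constructed for this page, not the sja1105 driver's code): an error-path cleanup loop that walks back over already-created regions and reaches index -1. The post-decrement loop shape, `NUM_REGIONS`, `record_destroy()` and `unwind_lowest_index()` are assumptions; the page states only that `priv->regions` is accessed at index -1 when `dsa_devlink_region_create()` fails.

```c
#include <stdio.h>

#define NUM_REGIONS 3 /* constructed value, not the driver's region count */
#define MAX_LOG 8

static int destroyed[MAX_LOG]; /* indices handed to the destroy stand-in */
static int n_destroyed;

/* Stand-in for dsa_devlink_region_destroy(priv->regions[i]): records the index
 * instead of touching memory, so reaching -1 is observable without real UB. */
static void record_destroy(int i)
{
    if (n_destroyed < MAX_LOG)
        destroyed[n_destroyed++] = i;
}

/* Simulates region setup where creation fails at index fail_at.
 * fixed == 0: post-decrement unwind (tests i, then decrements, then indexes).
 * fixed == 1: pre-decrement unwind (decrements, then tests, then indexes).
 * Returns the lowest index handed to destroy, or NUM_REGIONS if none was. */
int unwind_lowest_index(int fail_at, int fixed)
{
    int i, lowest = NUM_REGIONS;

    n_destroyed = 0;
    for (i = 0; i < NUM_REGIONS; i++) {
        if (i != fail_at)
            continue; /* region i "created" successfully */
        if (fixed) {
            while (--i >= 0)
                record_destroy(i);
        } else {
            while (i-- >= 0)
                record_destroy(i);
        }
        break;
    }
    for (i = 0; i < n_destroyed; i++)
        if (destroyed[i] < lowest)
            lowest = destroyed[i];
    return lowest;
}

int main(void)
{
    printf("post-decrement, fail at 0: lowest index %d\n", unwind_lowest_index(0, 0));
    printf("pre-decrement,  fail at 2: lowest index %d\n", unwind_lowest_index(2, 1));
    return 0;
}
```

A failure on the very first region is the sharpest case: nothing has been created yet, so a correct unwind destroys nothing, while the post-decrement form still indexes -1.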

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 13.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-787: Out-of-bounds Write (Memory Safety)

Affected Products 4

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.10 – <5.10.138
linux   linux_kernel  *        ≥5.11 – <5.15.63
linux   linux_kernel  *        ≥5.16 – <5.19.4
linux   linux_kernel  6.0      any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/7983e1e44cb322eba6af84160b6d18df80603fb8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/79f86b862416126a2e826cb74224180d6625a32f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e84c6321f3578c38cb3c24258db91a92672b17a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fd8e899cdb5ecaf8e8ee73854a99e10807eef1de
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/7983e1e44cb322eba6af84160b6d18df80603fb8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/79f86b862416126a2e826cb74224180d6625a32f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e84c6321f3578c38cb3c24258db91a92672b17a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fd8e899cdb5ecaf8e8ee73854a99e10807eef1de
    Patch