CVE-2022-50239

HIGH EPSS 4.4%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because of a write in some read-only memory: [ 9.068287] Unable to handle kernel write to read-only memory at virtual address ffff800009240ad8 ..snip.. [ 9.138790] Internal error: Oops: 9600004f [#1] PREEMPT SMP ..snip.. [ 9.269161] Call trace: [ 9.276271] __memcpy+0x5c/0x230 [ 9.278531] snprintf+0x58/0x80 [ 9.282002] qcom_cpufreq_msm8939_name_version+0xb4/0x190 [ 9.284869] qcom_cpufreq_probe+0xc8/0x39c ..snip.. The following line defines a pointer that point to a char buffer stored in read-only memory: char *pvs_name = "speedXX-pvsXX-vXX"; This pointer is meant to hold a template "speedXX-pvsXX-vXX" where the XX values get overridden by the qcom_cpufreq_krait_name_version function. Since the template is actually stored in read-only memory, when the function executes the following call we get an oops: snprintf(*pvs_name, sizeof("speedXX-pvsXX-vXX"), "speed%d-pvs%d-v%d", speed, pvs, pvs_ver); To fix this issue, we instead store the template name onto the stack by using the following syntax: char pvs_name_buffer[] = "speedXX-pvsXX-vXX"; Because the `pvs_name` needs to be able to be assigned to NULL, the template buffer is stored in the pvs_name_buffer and not under the pvs_name variable.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥5.7  –  <5.10.152
linuxlinux_kernel*≥5.11  –  <5.15.76
linuxlinux_kernel*≥5.16  –  <6.0.6
linuxlinux_kernel6.1any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/01039fb8e90c9cb684430414bff70cea9eb168c5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/14d260f94ff89543597ffea13db8b277a810e08e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/794ded0bc461287a268bed21fea2eebb6e5d232c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b74ee4e301ca01e431e240c046173332966e2431
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/01039fb8e90c9cb684430414bff70cea9eb168c5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/14d260f94ff89543597ffea13db8b277a810e08e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/794ded0bc461287a268bed21fea2eebb6e5d232c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b74ee4e301ca01e431e240c046173332966e2431
    Patch