CVE-2022-50307

HIGH EPSS 4.3%
Published Sep 15, 20259mo ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix out-of-bounds access on cio_ignore free The channel-subsystem-driver scans for newly available devices whenever device-IDs are removed from the cio_ignore list using a command such as: echo free >/proc/cio_ignore Since an I/O device scan might interfer with running I/Os, commit 172da89ed0ea ("s390/cio: avoid excessive path-verification requests") introduced an optimization to exclude online devices from the scan. The newly added check for online devices incorrectly assumes that an I/O-subchannel's drvdata points to a struct io_subchannel_private. For devices that are bound to a non-default I/O subchannel driver, such as the vfio_ccw driver, this results in an out-of-bounds read access during each scan. Fix this by changing the scan logic to rely on a driver-independent online indication. For this we can use struct subchannel->config.ena, which is the driver's requested subchannel-enabled state. Since I/Os can only be started on enabled subchannels, this matches the intent of the original optimization of not scanning devices where I/O might be running.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.15.1  –  <5.15.78
linuxlinux_kernel*≥5.16  –  <6.0.7
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel6.1any
linuxlinux_kernel6.1any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/0e501fd0f38e42304bfa0d46a812d93f80294a87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/106ab66cf5467726ca5ead51623043d37c06820a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b6074112742f65ece71b0f299ca5a6a887d2db6
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0e501fd0f38e42304bfa0d46a812d93f80294a87
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/106ab66cf5467726ca5ead51623043d37c06820a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b6074112742f65ece71b0f299ca5a6a887d2db6
    Patch