CVE-2022-50756

NONE EPSS 10.6%
Published Dec 24, 20256mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 24, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was previously rounding this to 1 list, but we can require 2 in the worst case. In that scenario, the driver would corrupt memory beyond the size provided by the mempool. While unlikely to occur (you'd need a 4MB in exactly 127 phys segments on a queue that doesn't support SGLs), this memory corruption has been observed by kfence.

Threat Intelligence

EPSS Exploit Probability
10.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 5

  • git.kernel.org https://git.kernel.org/stable/c/9141144b37f30e3e7fa024bcfa0a13011e546ba9
  • git.kernel.org https://git.kernel.org/stable/c/b1814724e0d7162bdf4799f2d565381bc2251c63
  • git.kernel.org https://git.kernel.org/stable/c/c89a529e823d51dd23c7ec0c047c7a454a428541
  • git.kernel.org https://git.kernel.org/stable/c/dfb6d54893d544151e7f480bc44cfe7823f5ad23
  • git.kernel.org https://git.kernel.org/stable/c/e1777b4286e526c58b4ee699344b0ad85aaf83a0

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.