CVE-2022-50058

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50058
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50058.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50058
Downstream
Published
2025-06-18T11:02:06.988Z
Modified
2026-03-11T08:53:05.633039Z
Summary
vdpa_sim_blk: set number of address spaces and virtqueue groups
Details

In the Linux kernel, the following vulnerability has been resolved:

vdpasimblk: set number of address spaces and virtqueue groups

Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasimdevattr, but we forgot to initialize them for vdpasimblk.

When creating a new vdpasimblk device this causes the kernel to panic in this way:    $ vdpa dev add mgmtdev vdpasimblk name blk0    BUG: kernel NULL pointer dereference, address: 0000000000000030    ...    RIP: 0010:vhostiotlbaddrangectx+0x41/0x220 [vhostiotlb]    ...    Call Trace:     <TASK>     vhostiotlbaddrange+0x11/0x800 [vhostiotlb]     vdpasimmaprange+0x91/0xd0 [vdpasim]     vdpasimalloccoherent+0x56/0x90 [vdpasim]     ...

This happens because vdpasim->iommu[0] is not initialized when dev_attr.nas is 0.

Let's fix this issue by initializing both (nas, ngroups) to 1 for vdpasimblk.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50058.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bda324fd037a6b0d44da5699574ce741ca161bc4
Fixed
a291c7d289fac2cb13fb2614a9a251afbbd86ce9
Fixed
19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809

Affected versions

v5.*
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "drivers/vdpa/vdpa_sim/vdpa_sim_blk.c"
        },
        "id": "CVE-2022-50058-72a3ef35",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a291c7d289fac2cb13fb2614a9a251afbbd86ce9",
        "digest": {
            "line_hashes": [
                "229893513768183256140090600272029560014",
                "255618532477654915662306805495475613322",
                "211900677396193792312478282465514065430",
                "29853717920524460267297643895134302537",
                "339399559173332759022669451204103600057",
                "177712633298721400682982490895854223778",
                "60613893116227037724868621198571522901"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "drivers/vdpa/vdpa_sim/vdpa_sim_blk.c",
            "function": "vdpasim_blk_dev_add"
        },
        "id": "CVE-2022-50058-b066fdee",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809",
        "digest": {
            "function_hash": "144508849784092554687040135824651133513",
            "length": 769.0
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "drivers/vdpa/vdpa_sim/vdpa_sim_blk.c",
            "function": "vdpasim_blk_dev_add"
        },
        "id": "CVE-2022-50058-fc8ac255",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a291c7d289fac2cb13fb2614a9a251afbbd86ce9",
        "digest": {
            "function_hash": "144508849784092554687040135824651133513",
            "length": 769.0
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "drivers/vdpa/vdpa_sim/vdpa_sim_blk.c"
        },
        "id": "CVE-2022-50058-fd6bdd90",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809",
        "digest": {
            "line_hashes": [
                "229893513768183256140090600272029560014",
                "255618532477654915662306805495475613322",
                "211900677396193792312478282465514065430",
                "29853717920524460267297643895134302537",
                "339399559173332759022669451204103600057",
                "177712633298721400682982490895854223778",
                "60613893116227037724868621198571522901"
            ],
            "threshold": 0.9
        }
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50058.json"