CVE-2022-50394
- Source
- https://cve.org/CVERecord?id=CVE-2022-50394
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50394.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50394
- Downstream
- Related
- Published
- 2025-09-18T13:33:12.992Z
- Modified
- 2026-04-02T08:28:28.444448Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- i2c: ismt: Fix an out-of-bounds bug in ismt_access()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
When the driver does not check the data from the user, the variable 'data->block[0]' may be very large to cause an out-of-bounds bug.
The following log can reveal it:
[ 33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20 [ 33.995978] ismtsmbus 0000:00:05.0: I2CSMBUSBLOCKDATA: WRITE [ 33.996475] ================================================================== [ 33.996995] BUG: KASAN: out-of-bounds in ismtaccess.cold+0x374/0x214b [ 33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismtpoc/485 [ 33.999450] Call Trace: [ 34.001849] memcpy+0x20/0x60 [ 34.002077] ismt_access.cold+0x374/0x214b [ 34.003382] _i2csmbusxfer+0x44f/0xfb0 [ 34.004007] i2csmbusxfer+0x10a/0x390 [ 34.004291] i2cdevioctlsmbus+0x2c8/0x710 [ 34.005196] i2cdevioctl+0x5ec/0x74c
Fix this bug by checking the size of 'data->block[0]' first.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50394.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/03b7ef7a6c5ca1ff553470166b4919db88b810f6
- https://git.kernel.org/stable/c/233348a04becf133283f0076e20b317302de21d9
- https://git.kernel.org/stable/c/39244cc754829bf707dccd12e2ce37510f5b1f8d
- https://git.kernel.org/stable/c/4a7bb1d93addb2f67e36fed00a53cb7f270d7b7a
- https://git.kernel.org/stable/c/96c12fd0ec74641295e1c3c34dea3dce1b6c3422
- https://git.kernel.org/stable/c/9ac541a0898e8ec187a3fa7024b9701cffae6bf2
- https://git.kernel.org/stable/c/a642469d464b2780a25a49b51ae56623c65eac34
- https://git.kernel.org/stable/c/bfe41d966c860a8ad4c735639d616da270c92735
- https://git.kernel.org/stable/c/cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50394.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50394
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9Fixed4a7bb1d93addb2f67e36fed00a53cb7f270d7b7aFixed03b7ef7a6c5ca1ff553470166b4919db88b810f6Fixedbfe41d966c860a8ad4c735639d616da270c92735Fixedcdcbae2c5003747ddfd14e29db9c1d5d7e7c44ddFixed9ac541a0898e8ec187a3fa7024b9701cffae6bf2Fixed96c12fd0ec74641295e1c3c34dea3dce1b6c3422Fixeda642469d464b2780a25a49b51ae56623c65eac34Fixed233348a04becf133283f0076e20b317302de21d9Fixed39244cc754829bf707dccd12e2ce37510f5b1f8d