DEBIAN-CVE-2022-50299

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2022-50299
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50299.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50299
Upstream
Published
2025-09-15T15:15:41Z
Modified
2025-09-30T05:18:40.913017Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression “200 – len” to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written into the buffer. [ 1513.267938] ------------[ cut here ]------------ [ 1513.267943] WARNING: CPU: 15 PID: 37247 at <snip>/lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510 [ 1513.267944] Modules linked in: <snip> [ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1085-azure #90~18.04.1-Ubuntu [ 1513.267969] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 1513.267971] RIP: 0010:vsnprintf+0x2c8/0x510 <-snip-> [ 1513.267982] Call Trace: [ 1513.267986] snprintf+0x45/0x70 [ 1513.267990] ? diskname+0x71/0xa0 [ 1513.267993] dumpzones+0x114/0x240 [raid0] [ 1513.267996] ? condresched+0x19/0x40 [ 1513.267998] raid0run+0x19e/0x270 [raid0] [ 1513.268000] mdrun+0x5e0/0xc50 [ 1513.268003] ? securitycapable+0x3f/0x60 [ 1513.268005] domdrun+0x19/0x110 [ 1513.268006] mdioctl+0x195e/0x1f90 [ 1513.268007] blkdevioctl+0x91f/0x9f0 [ 1513.268010] blockioctl+0x3d/0x50 [ 1513.268012] dovfsioctl+0xa9/0x640 [ 1513.268014] ? _fput+0x162/0x260 [ 1513.268016] ksysioctl+0x75/0x80 [ 1513.268017] _x64sysioctl+0x1a/0x20 [ 1513.268019] dosyscall64+0x5e/0x200 [ 1513.268021] entrySYSCALL64after_hwframe+0x44/0xa9

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.158-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}