DEBIAN-CVE-2022-50425

Source
https://security-tracker.debian.org/tracker/CVE-2022-50425
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50425.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50425
Upstream
Published
2025-10-01T12:15:33Z
Modified
2025-10-02T09:00:46Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly

When an extended state component is not present in fpstate, but in init state, the function copies from init_fpstate via copy_feature().

But, dynamic states are not present in init_fpstate because of all-zeros init states. Then retrieving them from init_fpstate will explode like this:

    BUG: kernel NULL pointer dereference, address: 0000000000000000
    ...
    RIP: 0010:memcpy_erms+0x6/0x10
    ? __copy_xstate_to_uabi_buf+0x381/0x870
    fpu_copy_guest_fpstate_to_uabi+0x28/0x80
    kvm_arch_vcpu_ioctl+0x14c/0x1460 [kvm]
    ? __this_cpu_preempt_check+0x13/0x20
    ? vmx_vcpu_put+0x2e/0x260 [kvm_intel]
    kvm_vcpu_ioctl+0xea/0x6b0 [kvm]
    ? kvm_vcpu_ioctl+0xea/0x6b0 [kvm]
    ? __fget_light+0xd4/0x130
    __x64_sys_ioctl+0xe3/0x910
    ? debug_smp_processor_id+0x17/0x20
    ? fpregs_assert_state_consistent+0x27/0x50
    do_syscall_64+0x3f/0x90
    entry_SYSCALL_64_after_hwframe+0x63/0xcd

Adjust the 'mask' to zero out the userspace buffer for the features that are not available both from fpstate and from init_fpstate.

The dynamic features depend on the compacted XSAVE format. Ensure it is enabled before reading XCOMP_BV in init_fpstate.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}