Strix
26.1K

CVE-2022-50575

UnknownEPSS 0.20%

Last modified

CVE-2022-50575 is a vulnerability of currently unknown severity. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack trace and messes up dmesg with a warning. Call trace: -> privcmd_ioctl --> privcmd_ioctl_mmap_resource Add __GFP_NOWARN in order to avoid too large allocation warning. This is detected by static analysis using smatch.. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack trace and messes up dmesg with a warning. Call trace: -> privcmd_ioctl --> privcmd_ioctl_mmap_resource Add __GFP_NOWARN in order to avoid too large allocation warning. This is detected by static analysis using smatch.

Metrics

EPSS Probability
0.20%

10.0th percentile

Probability of exploitation in the next 30 days. Learn more

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2022-50575?
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack trace and messes up dmesg with a warning. Call trace: -> privcmd_ioctl --> privcmd_ioctl_mmap_resource Add __GFP_NOWARN in order to avoid too large allocation warning. This is detected by static analysis using smatch.
How severe is CVE-2022-50575?
Severity scoring for CVE-2022-50575 is pending analysis. The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2022-50575?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-50575?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST