CVE-2022-50497
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
04/10/2025
Last modified:
22/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
binfmt_misc: fix shift-out-of-bounds in check_special_flags<br />
<br />
UBSAN reported a shift-out-of-bounds warning:<br />
<br />
left shift of 1 by 31 places cannot be represented in type &#39;int&#39;<br />
Call Trace:<br />
<br />
__dump_stack lib/dump_stack.c:88 [inline]<br />
dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106<br />
ubsan_epilogue+0xa/0x44 lib/ubsan.c:151<br />
__ubsan_handle_shift_out_of_bounds+0x1e7/0x208 lib/ubsan.c:322<br />
check_special_flags fs/binfmt_misc.c:241 [inline]<br />
create_entry fs/binfmt_misc.c:456 [inline]<br />
bm_register_write+0x9d3/0xa20 fs/binfmt_misc.c:654<br />
vfs_write+0x11e/0x580 fs/read_write.c:582<br />
ksys_write+0xcf/0x120 fs/read_write.c:637<br />
do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br />
do_syscall_64+0x34/0x80 arch/x86/entry/common.c:80<br />
entry_SYSCALL_64_after_hwframe+0x63/0xcd<br />
RIP: 0033:0x4194e1<br />
<br />
Since the type of Node&#39;s flags is unsigned long, we should define these<br />
macros with same type too.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.12.1 (including) | 4.9.337 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.303 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.270 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.229 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.163 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0f1a48994b3e516d5c7fd5d12204fdba7a604771
- https://git.kernel.org/stable/c/419b808504c26b3e3342365f34ccd0843e09a7f8
- https://git.kernel.org/stable/c/6a46bf558803dd2b959ca7435a5c143efe837217
- https://git.kernel.org/stable/c/88cea1676a09f7c45a1438153a126610c33b1590
- https://git.kernel.org/stable/c/97382a2639b1cd9631f6069061e9d7062cd2b098
- https://git.kernel.org/stable/c/a651bb5ff997b9f02662bcdef3d8b4e6f0d79656
- https://git.kernel.org/stable/c/a91123d4bda463469f68f0427adabf8108001f94
- https://git.kernel.org/stable/c/dcbc51d31d0afbd45e830e3cf565a7b3ca7bf0d8
- https://git.kernel.org/stable/c/ea6145370be8016755c43aca799815fc4b8c88b1