CVE-2022-50756

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvme-pci: fix mempool alloc size<br /> <br /> Convert the max size to bytes to match the units of the divisor that<br /> calculates the worst-case number of PRP entries.<br /> <br /> The result is used to determine how many PRP Lists are required. The<br /> code was previously rounding this to 1 list, but we can require 2 in the<br /> worst case. In that scenario, the driver would corrupt memory beyond the<br /> size provided by the mempool.<br /> <br /> While unlikely to occur (you&amp;#39;d need a 4MB in exactly 127 phys segments<br /> on a queue that doesn&amp;#39;t support SGLs), this memory corruption has been<br /> observed by kfence.