CVE - CVE-2022-50080

CVE-ID
CVE-2022-50080	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114 Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2f8e79a1a6128214cb9b205a9869341af5dfb16b URL:https://git.kernel.org/stable/c/2f8e79a1a6128214cb9b205a9869341af5dfb16b MISC:https://git.kernel.org/stable/c/573ae4f13f630d6660008f1974c0a8a29c30e18a URL:https://git.kernel.org/stable/c/573ae4f13f630d6660008f1974c0a8a29c30e18a MISC:https://git.kernel.org/stable/c/578c349570d2a912401963783b36e0ec7a25c053 URL:https://git.kernel.org/stable/c/578c349570d2a912401963783b36e0ec7a25c053 MISC:https://git.kernel.org/stable/c/58c008d4d398f792ca67f35650610864725518fd URL:https://git.kernel.org/stable/c/58c008d4d398f792ca67f35650610864725518fd MISC:https://git.kernel.org/stable/c/965333345fe952cc7eebc8e3a565ffc709441af2 URL:https://git.kernel.org/stable/c/965333345fe952cc7eebc8e3a565ffc709441af2 MISC:https://git.kernel.org/stable/c/b37e0f17653c00b586cdbcdf0dbca475358ecffd URL:https://git.kernel.org/stable/c/b37e0f17653c00b586cdbcdf0dbca475358ecffd MISC:https://git.kernel.org/stable/c/c12f0e6126ad223806a365084e86370511654bf1 URL:https://git.kernel.org/stable/c/c12f0e6126ad223806a365084e86370511654bf1
Assigning CNA
kernel.org
Date Record Created
20250618	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250618)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)