Array Index Out of Bounds Vulnerability in Linux Kernel Affecting AHCI Driver
CVE-2022-50315

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 September 2025

What is CVE-2022-50315?

A vulnerability in the Linux kernel's AHCI driver is caused by a mismatch between the maximum slots defined and the number of Enclosure Management ports initialized. The function 'sata_pmp_init_links()' initializes links beyond the configured array size, leading to potential array index out of bounds errors. This issue can affect systems utilizing SATA Port Multiplier configurations, necessitating an update to align the EM_MAX_SLOTS with SATA_PMP_MAX_PORTS to mitigate the risk.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67a00c299c5c143817c948fbc7de1a2fa1af38fb

References

https://git.kernel.org/stable/c/f70bd4339cb68bc7e206af4c9...

https://git.kernel.org/stable/c/da2ea4a961d9f89ed248734e7...

https://git.kernel.org/stable/c/67a00c299c5c143817c948fbc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 15, 2025