Out-of-Bound Write Vulnerability in Linux Kernel's Tracing Feature
CVE-2022-50553
What is CVE-2022-50553?
A vulnerability in the Linux kernel's tracing feature allows an out-of-bounds write due to incorrect handling of synthetic event parameters. When creating a synthetic event with a number of parameters exceeding the limit, the kernel experiences a panic caused by an overwrite of critical data. This issue arises because the size of the variable reference index array is smaller than the number of allowed parameters. The vulnerability has been addressed by extending the reference index length and adding checks to prevent future out-of-bound writes.
Affected Version(s)
Linux 38b67e60b6b582e81f9db1b2e7176cbbfbd3e574
Linux d380dcde9a07ca5de4805dee11f58a98ec0ad6ff < 0cb31bd88361edb96cfc622648717ba348f0f4dc
Linux d380dcde9a07ca5de4805dee11f58a98ec0ad6ff < 15697f653399253f9be4ed2a1e03d795f3cfee94