CVE-2022-50040

net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then 'priv->regions' array will be accessed by negative index '-1'. Found by Linux Verification Center (linuxtesting.org) with SVACE.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7983e1e44cb322eba6af84160b6d18df80603fb8
https://git.kernel.org/stable/c/e84c6321f3578c38cb3c24258db91a92672b17a8
https://git.kernel.org/stable/c/79f86b862416126a2e826cb74224180d6625a32f
https://git.kernel.org/stable/c/fd8e899cdb5ecaf8e8ee73854a99e10807eef1de

Frequently Asked Questions

What is the severity of CVE-2022-50040?
CVE-2022-50040 has not yet been assigned a CVSS score.
How to fix CVE-2022-50040?
To fix CVE-2022-50040, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50040 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-50040 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50040?
CVE-2022-50040 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.