CVE-2022-50080

tee: add overflow check in register_shm_helper()

Description

In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114 Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b37e0f17653c00b586cdbcdf0dbca475358ecffd
https://git.kernel.org/stable/c/965333345fe952cc7eebc8e3a565ffc709441af2
https://git.kernel.org/stable/c/578c349570d2a912401963783b36e0ec7a25c053
https://git.kernel.org/stable/c/c12f0e6126ad223806a365084e86370511654bf1
https://git.kernel.org/stable/c/2f8e79a1a6128214cb9b205a9869341af5dfb16b
https://git.kernel.org/stable/c/58c008d4d398f792ca67f35650610864725518fd
https://git.kernel.org/stable/c/573ae4f13f630d6660008f1974c0a8a29c30e18a

Frequently Asked Questions

What is the severity of CVE-2022-50080?
CVE-2022-50080 has not yet been assigned a CVSS score.
How to fix CVE-2022-50080?
To fix CVE-2022-50080, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50080 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-50080 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50080?
CVE-2022-50080 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.