Wind River Support Network

HomeDefectsLIN1022-17863
Fixed

LIN1022-17863 : Security Advisory - linux - CVE-2022-50394

Created: Sep 19, 2025    Updated: Sep 22, 2025
Resolved Date: Sep 22, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.5
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:  i2c: ismt: Fix an out-of-bounds bug in ismt_access()  When the driver does not check the data from the user, the variable 'data->block[0]' may be very large to cause an out-of-bounds bug.  The following log can reveal it:  [   33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20 [   33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA:  WRITE [   33.996475] ================================================================== [   33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b [   33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485 [   33.999450] Call Trace: [   34.001849]  memcpy+0x20/0x60 [   34.002077]  ismt_access.cold+0x374/0x214b [   34.003382]  __i2c_smbus_xfer+0x44f/0xfb0 [   34.004007]  i2c_smbus_xfer+0x10a/0x390 [   34.004291]  i2cdev_ioctl_smbus+0x2c8/0x710 [   34.005196]  i2cdev_ioctl+0x5ec/0x74c  Fix this bug by checking the size of 'data->block[0]' first.

CVEs


Live chat
Online