We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-50080

tee: add overflow check in register_shm_helper()



Description

In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114 Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early.

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before b37e0f17653c00b586cdbcdf0dbca475358ecffd
affected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before 965333345fe952cc7eebc8e3a565ffc709441af2
affected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before 578c349570d2a912401963783b36e0ec7a25c053
affected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before c12f0e6126ad223806a365084e86370511654bf1
affected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before 2f8e79a1a6128214cb9b205a9869341af5dfb16b
affected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before 58c008d4d398f792ca67f35650610864725518fd
affected

033ddf12bcf5326b93bd604f50a7474a434a35f9 before 573ae4f13f630d6660008f1974c0a8a29c30e18a
affected

Default status
affected

4.16
affected

Any version before 4.16
unaffected

4.19.256
unaffected

5.4.211
unaffected

5.10.137
unaffected

5.15.62
unaffected

5.18.19
unaffected

5.19.3
unaffected

6.0
unaffected

References

git.kernel.org/...c/b37e0f17653c00b586cdbcdf0dbca475358ecffd

git.kernel.org/...c/965333345fe952cc7eebc8e3a565ffc709441af2

git.kernel.org/...c/578c349570d2a912401963783b36e0ec7a25c053

git.kernel.org/...c/c12f0e6126ad223806a365084e86370511654bf1

git.kernel.org/...c/2f8e79a1a6128214cb9b205a9869341af5dfb16b

git.kernel.org/...c/58c008d4d398f792ca67f35650610864725518fd

git.kernel.org/...c/573ae4f13f630d6660008f1974c0a8a29c30e18a

cve.org (CVE-2022-50080)

nvd.nist.gov (CVE-2022-50080)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-50080

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.