目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2022-50370— Linux kernel 安全漏洞

AI 预测 5.3 利用难度: 中等 EPSS 0.19% · P9

影响版本矩阵 10

厂商产品版本范围状态
LinuxLinuxc7b79a75287141cef5bbaeaf1c942269c08cd52e< 7fa5304c4b5b425d4a0b3acf10139a7f6108a85faffected
c7b79a75287141cef5bbaeaf1c942269c08cd52e< a206f7fbe9589c60fafad12884628c909ecb042faffected
c7b79a75287141cef5bbaeaf1c942269c08cd52e< aa59ac81e859006d3a1df035a19b3f2089110f93affected
c7b79a75287141cef5bbaeaf1c942269c08cd52e< 301c8f5c32c8fb79c67539bc23972dc3ef48024caffected
5.12affected
< 5.12unaffected
5.15.75≤ 5.15.*unaffected
5.19.17≤ 5.19.*unaffected
… +2 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2022-50370 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
i2c: designware: Fix handling of real but unexpected device interrupts
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs") caused a regression on certain Gigabyte motherboards for Intel Alder Lake-S where system crashes to NULL pointer dereference in i2c_dw_xfer_msg() when system resumes from S3 sleep state ("deep"). I was able to debug the issue on Gigabyte Z690 AORUS ELITE and made following notes: - Issue happens when resuming from S3 but not when resuming from "s2idle" - PCI device 00:15.0 == i2c_designware.0 is already in D0 state when system enters into pci_pm_resume_noirq() while all other i2c_designware PCI devices are in D3. Devices were runtime suspended and in D3 prior entering into suspend - Interrupt comes after pci_pm_resume_noirq() when device interrupts are re-enabled - According to register dump the interrupt really comes from the i2c_designware.0. Controller is enabled, I2C target address register points to a one detectable I2C device address 0x60 and the DW_IC_RAW_INTR_STAT register START_DET, STOP_DET, ACTIVITY and TX_EMPTY bits are set indicating completed I2C transaction. My guess is that the firmware uses this controller to communicate with an on-board I2C device during resume but does not disable the controller before giving control to an operating system. I was told the UEFI update fixes this but never the less it revealed the driver is not ready to handle TX_EMPTY (or RX_FULL) interrupt when device is supposed to be idle and state variables are not set (especially the dev->msgs pointer which may point to NULL or stale old data). Introduce a new software status flag STATUS_ACTIVE indicating when the controller is active in driver point of view. Now treat all interrupts that occur when is not set as unexpected and mask all interrupts from the controller.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于i2c_designware设备中断处理不当,可能导致空指针取消引用。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux c7b79a75287141cef5bbaeaf1c942269c08cd52e ~ 7fa5304c4b5b425d4a0b3acf10139a7f6108a85f -
LinuxLinux 5.12 -

二、漏洞 CVE-2022-50370 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2022-50370 的情报信息

登录查看更多情报信息。

同批安全公告 · Linux · 2025-09-17 · 共 56 条

CVE-2022-50371Linux kernel 安全漏洞
CVE-2022-50355Linux kernel 安全漏洞
CVE-2022-50358Linux kernel 安全漏洞
CVE-2022-50356Linux kernel 安全漏洞
CVE-2022-50357Linux kernel 安全漏洞
CVE-2022-50359Linux kernel 安全漏洞
CVE-2022-50354Linux kernel 安全漏洞
CVE-2022-50367Linux kernel 安全漏洞
CVE-2022-50368Linux kernel 安全漏洞
CVE-2022-50369Linux kernel 安全漏洞
CVE-2022-50366Linux kernel 安全漏洞
CVE-2022-50372Linux kernel 安全漏洞
CVE-2022-50373Linux kernel 安全漏洞
CVE-2022-50374Linux kernel 安全漏洞
CVE-2023-53335Linux kernel 安全漏洞
CVE-2023-53336Linux kernel 安全漏洞
CVE-2023-53337Linux kernel 安全漏洞
CVE-2023-53338Linux kernel 安全漏洞
CVE-2023-53339Linux kernel 安全漏洞
CVE-2023-53340Linux kernel 安全漏洞

显示前 20 条,共 56 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2022-50370

暂无评论


发表评论