目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2022-50375— Linux kernel 安全漏洞

AI Predicted 7.8 Difficulty: Moderate EPSS 0.15% · P4

Possible ATT&CK Techniques 1AI

T1059 · Command and Scripting Interpreter

Affected Version Matrix 14

ベンダープロダクトVersion Rangeステータス
LinuxLinux6250cc30c4c4e25393ba247f71bdc04b6af3191b< 29b897ac7b990882c74bd08605692214e7e58b83affected
6250cc30c4c4e25393ba247f71bdc04b6af3191b< 9a56ade124d4891a31ab1300c57665f07f5b24d5affected
6250cc30c4c4e25393ba247f71bdc04b6af3191b< c4293def8860fd587a84400ccba5b49cec56e2c3affected
6250cc30c4c4e25393ba247f71bdc04b6af3191b< d554c14eb73ee91d76fc9aece4616f0b687c295daffected
6250cc30c4c4e25393ba247f71bdc04b6af3191b< 3953e7f261e2f4d9c35f0c025df9f166f46aa626affected
6250cc30c4c4e25393ba247f71bdc04b6af3191b< 316ae95c175a7d770d1bfe4c011192712f57aa4aaffected
4.9affected
< 4.9unaffected
… +6 more rows
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2022-50375の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can still occur which in turn tries to access dma apis if lpuart_dma_tx_use flag is true. At this point since dma is torn down, these dma apis can abort. Set lpuart_dma_tx_use and the corresponding rx flag lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not accessed after they are relinquished. Otherwise, when try to kill btattach, kernel may panic. This patch may fix this issue. root@imx8ulpevk:~# btattach -B /dev/ttyLP2 -S 115200 ^C[ 90.182296] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP [ 90.189806] Modules linked in: moal(O) mlan(O) [ 90.194258] CPU: 0 PID: 503 Comm: btattach Tainted: G O 5.15.32-06136-g34eecdf2f9e4 #37 [ 90.203554] Hardware name: NXP i.MX8ULP 9X9 EVK (DT) [ 90.208513] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 90.215470] pc : fsl_edma3_disable_request+0x8/0x60 [ 90.220358] lr : fsl_edma3_terminate_all+0x34/0x20c [ 90.225237] sp : ffff800013f0bac0 [ 90.228548] x29: ffff800013f0bac0 x28: 0000000000000001 x27: ffff000008404800 [ 90.235681] x26: ffff000008404960 x25: ffff000008404a08 x24: ffff000008404a00 [ 90.242813] x23: ffff000008404a60 x22: 0000000000000002 x21: 0000000000000000 [ 90.249946] x20: ffff800013f0baf8 x19: ffff00000559c800 x18: 0000000000000000 [ 90.257078] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 90.264211] x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000040 [ 90.271344] x11: ffff00000600c248 x10: ffff800013f0bb10 x9 : ffff000057bcb090 [ 90.278477] x8 : fffffc0000241a08 x7 : ffff00000534ee00 x6 : ffff000008404804 [ 90.285609] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff0000055b3480 [ 90.292742] x2 : ffff8000135c0000 x1 : ffff00000534ee00 x0 : ffff00000559c800 [ 90.299876] Call trace: [ 90.302321] fsl_edma3_disable_request+0x8/0x60 [ 90.306851] lpuart_flush_buffer+0x40/0x160 [ 90.311037] uart_flush_buffer+0x88/0x120 [ 90.315050] tty_driver_flush_buffer+0x20/0x30 [ 90.319496] hci_uart_flush+0x44/0x90 [ 90.323162] +0x34/0x12c [ 90.327253] tty_ldisc_close+0x38/0x70 [ 90.331005] tty_ldisc_release+0xa8/0x190 [ 90.335018] tty_release_struct+0x24/0x8c [ 90.339022] tty_release+0x3ec/0x4c0 [ 90.342593] __fput+0x70/0x234 [ 90.345652] ____fput+0x14/0x20 [ 90.348790] task_work_run+0x84/0x17c [ 90.352455] do_exit+0x310/0x96c [ 90.355688] do_group_exit+0x3c/0xa0 [ 90.359259] __arm64_sys_exit_group+0x1c/0x20 [ 90.363609] invoke_syscall+0x48/0x114 [ 90.367362] el0_svc_common.constprop.0+0xd4/0xfc [ 90.372068] do_el0_svc+0x2c/0x94 [ 90.375379] el0_svc+0x28/0x80 [ 90.378438] el0t_64_sync_handler+0xa8/0x130 [ 90.382711] el0t_64_sync+0x1a0/0x1a4 [ 90.386376] Code: 17ffffda d503201f d503233f f9409802 (b9400041) [ 90.392467] ---[ end trace 2f60524b4a43f1f6 ]--- [ 90.397073] note: btattach[503] exited with preempt_count 1 [ 90.402636] Fixing recursive fault but reboot is needed!
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于fsl_lpuart驱动中未正确禁用DMA使用标志,可能导致同步外部中止错误。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux 6250cc30c4c4e25393ba247f71bdc04b6af3191b ~ 29b897ac7b990882c74bd08605692214e7e58b83 -
LinuxLinux 4.9 -

II. CVE-2022-50375の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2022-50375のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-09-18 · 121 CVEs total

CVE-2022-50405net/tunnel: wait until all sk_user_data reader finish before releasing the sock
CVE-2022-50418wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
CVE-2022-50417drm/panfrost: Fix GEM handle creation ref-counting
CVE-2022-50416irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init()
CVE-2022-50415parisc: led: Fix potential null-ptr-deref in start_task()
CVE-2022-50414scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
CVE-2022-50413wifi: mac80211: fix use-after-free
CVE-2022-50412drm: bridge: adv7511: unregister cec i2c device after cec adapter
CVE-2022-50411ACPICA: Fix error code path in acpi_ds_call_control_method()
CVE-2022-50410NFSD: Protect against send buffer overflow in NFSv2 READ
CVE-2022-50409net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
CVE-2022-50407crypto: hisilicon/qm - increase the memory of local variables
CVE-2022-50408wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
CVE-2022-50406iomap: iomap: fix memory corruption when recording errors during writeback
CVE-2022-50404fbdev: fbcon: release buffer when fbcon_do_set_font() failed
CVE-2023-53410USB: ULPI: fix memory leak with using debugfs_lookup()
CVE-2023-53413USB: isp116x: fix memory leak with using debugfs_lookup()
CVE-2023-53412USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
CVE-2023-53411PM: EM: fix memory leak with using debugfs_lookup()
CVE-2023-53408trace/blktrace: fix memory leak with using debugfs_lookup()

Showing 20 of 121 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2022-50375へのコメント

まだコメントはありません


コメントを残す