2395435 – (CVE-2022-50301) CVE-2022-50301 kernel: iommu/omap: Fix buffer overflow in debugfs

Bug 2395435 (CVE-2022-50301) - CVE-2022-50301 kernel: iommu/omap: Fix buffer overflow in debugfs

Summary: CVE-2022-50301 kernel: iommu/omap: Fix buffer overflow in debugfs

Keywords:
Status:	NEW
Alias:	CVE-2022-50301
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-15 15:13 UTC by OSIDB Bzimport
Modified:	2025-11-26 09:20 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-15 15:13:42 UTC

In the Linux kernel, the following vulnerability has been resolved:

iommu/omap: Fix buffer overflow in debugfs

There are two issues here:

1) The "len" variable needs to be checked before the very first write.
   Otherwise if omap2_iommu_dump_ctx() with "bytes" less than 32 it is a
   buffer overflow.
2) The snprintf() function returns the number of bytes that *would* have
   been copied if there were enough space.  But we want to know the
   number of bytes which were *actually* copied so use scnprintf()
   instead.

Comment 1 Jon Moroney 2025-09-15 16:14:08 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091558-CVE-2022-50301-c26c@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.