CVE-2022-50080

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50080
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50080.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50080
Downstream
Published
2025-06-18T11:02:23.003Z
Modified
2025-11-27T02:33:30.685459Z
Summary
tee: add overflow check in register_shm_helper()
Details

In the Linux kernel, the following vulnerability has been resolved:

tee: add overflow check in registershmhelper()

With special lengths supplied by user space, registershmhelper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region.

This causes internalgetuserpagesfast() a helper function of pinuserpages_fast() to do a NULL pointer dereference:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: opteeexamplea Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internalgetuserpagesfast+0x474/0xa80 Call trace: internalgetuserpagesfast+0x474/0xa80 pinuserpagesfast+0x24/0x4c registershmhelper+0x194/0x330 teeshmregisteruserbuf+0x78/0x120 teeioctl+0xd0/0x11a0 _arm64sysioctl+0xa8/0xec invokesyscall+0x48/0x114

Fix this by adding an an explicit call to accessok() in teeshmregisteruser_buf() to catch an invalid user space address early.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2022/50xxx/CVE-2022-50080.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
b37e0f17653c00b586cdbcdf0dbca475358ecffd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
965333345fe952cc7eebc8e3a565ffc709441af2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
578c349570d2a912401963783b36e0ec7a25c053
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
c12f0e6126ad223806a365084e86370511654bf1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
2f8e79a1a6128214cb9b205a9869341af5dfb16b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
58c008d4d398f792ca67f35650610864725518fd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
033ddf12bcf5326b93bd604f50a7474a434a35f9
Fixed
573ae4f13f630d6660008f1974c0a8a29c30e18a

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.16.0
Fixed
4.19.256
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.211
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.137
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.62
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.18.19
Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
5.19.3