CVE-2022-50271

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50271
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50271.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50271
Downstream
Related
Published
2025-09-15T14:21:07.563Z
Modified
2026-04-11T12:44:54.743197Z
Summary
vhost/vsock: Use kvmalloc/kvfree for larger packets.
Details

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: Use kvmalloc/kvfree for larger packets.

When copying a large file over sftp over vsock, data size is usually 32kB, and kmalloc seems to fail to try to allocate 32 32kB regions.

vhost-5837: page allocation failure: order:4, mode:0x24040c0 Call Trace: [<ffffffffb6a0df64>] dumpstack+0x97/0xdb [<ffffffffb68d6aed>] warnalloc_failed+0x10f/0x138 [<ffffffffb68d868a>] ? __allocpagesdirect_compact+0x38/0xc8 [<ffffffffb664619f>] __allocpagesnodemask+0x84c/0x90d [<ffffffffb6646e56>] allockmempages+0x17/0x19 [<ffffffffb6653a26>] kmallocordertrace+0x2b/0xdb [<ffffffffb66682f3>] _kmalloc+0x177/0x1f7 [<ffffffffb66e0d94>] ? copyfromiter+0x8d/0x31d [<ffffffffc0689ab7>] vhostvsockhandletxkick+0x1fa/0x301 [vhostvsock] [<ffffffffc06828d9>] vhostworker+0xf7/0x157 [vhost] [<ffffffffb683ddce>] kthread+0xfd/0x105 [<ffffffffc06827e2>] ? vhostdevsetowner+0x22e/0x22e [vhost] [<ffffffffb683dcd1>] ? flushkthreadworker+0xf3/0xf3 [<ffffffffb6eb332e>] retfromfork+0x4e/0x80 [<ffffffffb683dcd1>] ? flushkthreadworker+0xf3/0xf3

Work around by doing kvmalloc instead.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50271.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
433fc58e6bf2c8bd97e57153ed28e64fd78207b8
Fixed
0d720c3f0a03e97867deab7e480ba3d3e19837ba
Fixed
7aac8c63f604e6a6a46560c0f0188cd0332cf320
Fixed
e6d0152c95108651f1880c1ddfab47cb9e3e62d0
Fixed
b4a5905fd2ef841cd61e969ea692c213c2e5c1f7
Fixed
e28a4e7f0296824c61a81e7fd54ab48bad3e75ad
Fixed
a99fc6d818161d6f1ff3307de8bf5237f6cc34d8
Fixed
36c9f340c60413e28f980c0224c4e9d35851526b
Fixed
0e3f72931fc47bb81686020cc643cde5d9cd0bb8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50271.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.0
Fixed
4.14.296
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.262
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.220
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.150
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.75
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.17
Type
ECOSYSTEM
Events
Introduced
5.20.0
Fixed
6.0.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50271.json"