NVD

CVE-2022-50341 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x0f: level 3 permission fault Data abort info: ISV = 0, ISS = 0x0000004f CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000294f3000 [ffff0001221cf000] pgd=18000001ffff8003, p4d=18000001ffff8003, pud=18000001ff82e003, pmd=18000001ff71d003, pte=00600001221cf787 Internal error: Oops: 9600004f [#1] PREEMPT SMP ... pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) pc : __memcpy+0x40/0x230 lr : scatterwalk_copychunks+0xe0/0x200 sp : ffff800014e92de0 x29: ffff800014e92de0 x28: ffff000114f9de80 x27: 0000000000000008 x26: 0000000000000008 x25: ffff800014e92e78 x24: 0000000000000008 x23: 0000000000000001 x22: 0000040000000000 x21: ffff000000000000 x20: 0000000000000001 x19: ffff0001037c4488 x18: 0000000000000014 x17: 235e1c0d6efa9661 x16: a435f9576b6edd6c x15: 0000000000000058 x14: 0000000000000001 x13: 0000000000000008 x12: ffff000114f2e590 x11: ffffffffffffffff x10: 0000040000000000 x9 : ffff8000105c3580 x8 : 2e9413b10000001a x7 : 534b4410fb86b005 x6 : 534b4410fb86b005 x5 : ffff0001221cf008 x4 : ffff0001037c4490 x3 : 0000000000000001 x2 : 0000000000000008 x1 : ffff0001037c4488 x0 : ffff0001221cf000 Call trace: __memcpy+0x40/0x230 scatterwalk_map_and_copy+0x98/0x100 crypto_ccm_encrypt+0x150/0x180 crypto_aead_encrypt+0x2c/0x40 crypt_message+0x750/0x880 smb3_init_transform_rq+0x298/0x340 smb_send_rqst.part.11+0xd8/0x180 smb_send_rqst+0x3c/0x100 compound_send_recv+0x534/0xbc0 smb2_query_info_compound+0x32c/0x440 smb2_set_ea+0x438/0x4c0 cifs_xattr_set+0x5d4/0x7c0 This is because in scatterwalk_copychunks(), we attempted to write to a buffer (@sign) that was allocated in the stack (vmalloc area) by crypt_message() and thus accessing its remaining 8 (x2) bytes ended up crossing a page boundary. To simply fix it, we could just pass @sign kmalloc'd from crypt_message() and then we're done. Luckily, we don't seem to pass any other vmalloc'd buffers in smb_rqst::rq_iov... Instead, let's map the correct pages and offsets from vmalloc buffers as well in cifs_sg_set_buf() and then avoiding such oopses.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

ADP: CISA-ADP

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/a13e51760703f71c25d5fc1f4a62dfa4b0cc80e9	kernel.org	Patch
https://git.kernel.org/stable/c/bf0543b93740916ee91956f9a63da6fc0d79daaa	kernel.org	Patch
https://git.kernel.org/stable/c/e8d16a54842d609fd4a3ed2d81d4333d6329aa94	kernel.org	Patch
https://git.kernel.org/stable/c/e8e2861cc3258dbe407d01ea8c59bb5a53132301	kernel.org	Patch
https://git.kernel.org/stable/c/f7f291e14dde32a07b1f0aa06921d28f875a7b54	kernel.org	Patch
https://git.kernel.org/stable/c/fe6ea044c4f05706cb71040055b1c70c6c8275e0	kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

CVE Modified by kernel.org 6/17/2026 1:23:16 AM

Action

Type

Old Value

New Value

Added

Affected

Record truncated, showing 2048 of 2078 characters.
View Entire Change Record

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/cifs/cifsglob.h","fs/cifs/cifsproto.h","fs/cifs/misc.c","fs/cifs/smb2ops.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398","lessThan":"e8e2861cc3258dbe407d01ea8c59bb5a53132301","versionType":"git","status":"affected"},{"version":"026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398","lessThan":"fe6ea044c4f05706cb71040055b1c70c6c8275e0","versionType":"git","status":"affected"},{"version":"026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398","lessThan":"bf0543b93740916ee91956f9a63da6fc0d79daaa","versionType":"git","status":"affected"},{"version":"026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398","lessThan":"a13e51760703f71c25d5fc1f4a62dfa4b0cc80e9","versionType":"git","status":"affected"},{"version":"026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398","lessThan":"e8d16a54842d609fd4a3ed2d81d4333d6329aa94","versionType":"git","status":"affected"},{"version":"026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398","lessThan":"f7f291e14dde32a07b1f0aa06921d28f875a7b54","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/cifs/cifsglob.h","fs/cifs/cifsproto.h","fs/cifs/misc.c","fs/cifs/smb2ops.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","versionType":"semver","status":"unaffected"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","versionType":"semver","status":"unaffected"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.0.16","lessThanOrEqual":"6.0.*","versionType":"semver","status":"unaffected"},{"version":"6.1.1","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.2","lessThanOrEqual":"*","versionType":"original_commit_for_

Initial Analysis by NIST 12/01/2025 5:03:08 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.0.16 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.163 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.87 cpe:2.3:o:linux:linux_kernel::::::::* versions up to (excluding) 5.4.229 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.1 up to (excluding) 6.1.1
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/a13e51760703f71c25d5fc1f4a62dfa4b0cc80e9 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/bf0543b93740916ee91956f9a63da6fc0d79daaa Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e8d16a54842d609fd4a3ed2d81d4333d6329aa94 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e8e2861cc3258dbe407d01ea8c59bb5a53132301 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/f7f291e14dde32a07b1f0aa06921d28f875a7b54 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/fe6ea044c4f05706cb71040055b1c70c6c8275e0 Types: Patch

New CVE Received from kernel.org 9/16/2025 1:15:33 PM

Action	Type	New Value
Added	Description	Record truncated, showing 2048 of 2543 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x0f: level 3 permission fault Data abort info: ISV = 0, ISS = 0x0000004f CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000294f3000 [ffff0001221cf000] pgd=18000001ffff8003, p4d=18000001ffff8003, pud=18000001ff82e003, pmd=18000001ff71d003, pte=00600001221cf787 Internal error: Oops: 9600004f [#1] PREEMPT SMP ... pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) pc : __memcpy+0x40/0x230 lr : scatterwalk_copychunks+0xe0/0x200 sp : ffff800014e92de0 x29: ffff800014e92de0 x28: ffff000114f9de80 x27: 0000000000000008 x26: 0000000000000008 x25: ffff800014e92e78 x24: 0000000000000008 x23: 0000000000000001 x22: 0000040000000000 x21: ffff000000000000 x20: 0000000000000001 x19: ffff0001037c4488 x18: 0000000000000014 x17: 235e1c0d6efa9661 x16: a435f9576b6edd6c x15: 0000000000000058 x14: 0000000000000001 x13: 0000000000000008 x12: ffff000114f2e590 x11: ffffffffffffffff x10: 0000040000000000 x9 : ffff8000105c3580 x8 : 2e9413b10000001a x7 : 534b4410fb86b005 x6 : 534b4410fb86b005 x5 : ffff0001221cf008 x4 : ffff0001037c4490 x3 : 0000000000000001 x2 : 0000000000000008 x1 : ffff0001037c4488 x0 : ffff0001221cf000 Call trace: __memcpy+0x40/0x230 scatterwalk_map_and_copy+0x98/0x100 crypto_ccm_encrypt+0x150/0x180 crypto_aead_encrypt+0x2c/0x40 crypt_message+0x750/0x880 smb3_init_transform_rq+0x298/0x340 smb_send_rqst.part.11+0xd8/0x180 smb_send_rqst+0x3c/0x100 compound_send_recv+0x534/0xbc0 smb2_query_info_compound+0x32c/0x440 smb2_set_ea+0x438/0x4c0 cifs_xattr_set+0x5d4/0x7c0 This is because in scatterwalk_copychunks(), we
Added	Reference	https://git.kernel.org/stable/c/a13e51760703f71c25d5fc1f4a62dfa4b0cc80e9
Added	Reference	https://git.kernel.org/stable/c/bf0543b93740916ee91956f9a63da6fc0d79daaa
Added	Reference	https://git.kernel.org/stable/c/e8d16a54842d609fd4a3ed2d81d4333d6329aa94
Added	Reference	https://git.kernel.org/stable/c/e8e2861cc3258dbe407d01ea8c59bb5a53132301
Added	Reference	https://git.kernel.org/stable/c/f7f291e14dde32a07b1f0aa06921d28f875a7b54
Added	Reference	https://git.kernel.org/stable/c/fe6ea044c4f05706cb71040055b1c70c6c8275e0

Quick Info

CVE Dictionary Entry:
CVE-2022-50341
NVD Published Date:
09/16/2025
NVD Last Modified:
06/17/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2022-50341 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CISA-ADP 6/17/2026 1:23:16 AM

CVE Modified by kernel.org 6/17/2026 1:23:16 AM

CVE Modified by CISA-ADP 1/14/2026 2:16:04 PM

Initial Analysis by NIST 12/01/2025 5:03:08 PM

New CVE Received from kernel.org 9/16/2025 1:15:33 PM

Quick Info