CVE-2022-50756
Published: Dec 24, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was previously rounding this to 1 list, but we can require 2 in the worst case. In that scenario, the driver would corrupt memory beyond the size provided by the mempool. While unlikely to occur (you'd need a 4MB in exactly 127 phys segments on a queue that doesn't support SGLs), this memory corruption has been observed by kfence.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 943e942e6266f22babee5efeb00f8f672fbff5bd - < dfb6d54893d544151e7f480bc44cfe7823f5ad23affected 943e942e6266f22babee5efeb00f8f672fbff5bd - < 9141144b37f30e3e7fa024bcfa0a13011e546ba9affected 943e942e6266f22babee5efeb00f8f672fbff5bd - < e1777b4286e526c58b4ee699344b0ad85aaf83a0affected 943e942e6266f22babee5efeb00f8f672fbff5bd - < b1814724e0d7162bdf4799f2d565381bc2251c63affected 943e942e6266f22babee5efeb00f8f672fbff5bd - < c89a529e823d51dd23c7ec0c047c7a454a428541 |
Linux | Linux | affected 4.18unaffected 0 - < 4.18unaffected 5.10.163 - <= 5.10.*unaffected 5.15.87 - <= 5.15.*unaffected 6.0.17 - <= 6.0.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now