{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50756","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T13:02:21.545Z","datePublished":"2025-12-24T13:05:49.635Z","dateUpdated":"2026-05-11T19:24:54.737Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:24:54.737Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix mempool alloc size\n\nConvert the max size to bytes to match the units of the divisor that\ncalculates the worst-case number of PRP entries.\n\nThe result is used to determine how many PRP Lists are required. The\ncode was previously rounding this to 1 list, but we can require 2 in the\nworst case. In that scenario, the driver would corrupt memory beyond the\nsize provided by the mempool.\n\nWhile unlikely to occur (you'd need a 4MB in exactly 127 phys segments\non a queue that doesn't support SGLs), this memory corruption has been\nobserved by kfence."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/nvme/host/pci.c"],"versions":[{"version":"943e942e6266f22babee5efeb00f8f672fbff5bd","lessThan":"dfb6d54893d544151e7f480bc44cfe7823f5ad23","status":"affected","versionType":"git"},{"version":"943e942e6266f22babee5efeb00f8f672fbff5bd","lessThan":"9141144b37f30e3e7fa024bcfa0a13011e546ba9","status":"affected","versionType":"git"},{"version":"943e942e6266f22babee5efeb00f8f672fbff5bd","lessThan":"e1777b4286e526c58b4ee699344b0ad85aaf83a0","status":"affected","versionType":"git"},{"version":"943e942e6266f22babee5efeb00f8f672fbff5bd","lessThan":"b1814724e0d7162bdf4799f2d565381bc2251c63","status":"affected","versionType":"git"},{"version":"943e942e6266f22babee5efeb00f8f672fbff5bd","lessThan":"c89a529e823d51dd23c7ec0c047c7a454a428541","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/nvme/host/pci.c"],"versions":[{"version":"4.18","status":"affected"},{"version":"0","lessThan":"4.18","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.17","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.3","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.15.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.0.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.1.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dfb6d54893d544151e7f480bc44cfe7823f5ad23"},{"url":"https://git.kernel.org/stable/c/9141144b37f30e3e7fa024bcfa0a13011e546ba9"},{"url":"https://git.kernel.org/stable/c/e1777b4286e526c58b4ee699344b0ad85aaf83a0"},{"url":"https://git.kernel.org/stable/c/b1814724e0d7162bdf4799f2d565381bc2251c63"},{"url":"https://git.kernel.org/stable/c/c89a529e823d51dd23c7ec0c047c7a454a428541"}],"title":"nvme-pci: fix mempool alloc size","x_generator":{"engine":"bippy-1.2.0"}}}}