{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50828","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:06:07.132Z","datePublished":"2025-12-30T12:10:50.757Z","dateUpdated":"2026-05-11T19:25:54.242Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:25:54.242Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: zynqmp: Fix stack-out-of-bounds in strncpy`\n\n\"BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68\"\n\nLinux-ATF interface is using 16 bytes of SMC payload. In case clock name is\nlonger than 15 bytes, string terminated NULL character will not be received\nby Linux. Add explicit NULL character at last byte to fix issues when clock\nname is longer.\n\nThis fixes below bug reported by KASAN:\n\n ==================================================================\n BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68\n Read of size 1 at addr ffff0008c89a7410 by task swapper/0/1\n\n CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.4.0-00396-g81ef9e7-dirty #3\n Hardware name: Xilinx Versal vck190 Eval board revA (QSPI) (DT)\n Call trace:\n  dump_backtrace+0x0/0x1e8\n  show_stack+0x14/0x20\n  dump_stack+0xd4/0x108\n  print_address_description.isra.0+0xbc/0x37c\n  __kasan_report+0x144/0x198\n  kasan_report+0xc/0x18\n  __asan_load1+0x5c/0x68\n  strncpy+0x30/0x68\n  zynqmp_clock_probe+0x238/0x7b8\n  platform_drv_probe+0x6c/0xc8\n  really_probe+0x14c/0x418\n  driver_probe_device+0x74/0x130\n  __device_attach_driver+0xc4/0xe8\n  bus_for_each_drv+0xec/0x150\n  __device_attach+0x160/0x1d8\n  device_initial_probe+0x10/0x18\n  bus_probe_device+0xe0/0xf0\n  device_add+0x528/0x950\n  of_device_add+0x5c/0x80\n  of_platform_device_create_pdata+0x120/0x168\n  of_platform_bus_create+0x244/0x4e0\n  of_platform_populate+0x50/0xe8\n  zynqmp_firmware_probe+0x370/0x3a8\n  platform_drv_probe+0x6c/0xc8\n  really_probe+0x14c/0x418\n  driver_probe_device+0x74/0x130\n  device_driver_attach+0x94/0xa0\n  __driver_attach+0x70/0x108\n  bus_for_each_dev+0xe4/0x158\n  driver_attach+0x30/0x40\n  bus_add_driver+0x21c/0x2b8\n  driver_register+0xbc/0x1d0\n  __platform_driver_register+0x7c/0x88\n  zynqmp_firmware_driver_init+0x1c/0x24\n  do_one_initcall+0xa4/0x234\n  kernel_init_freeable+0x1b0/0x24c\n  kernel_init+0x10/0x110\n  ret_from_fork+0x10/0x18\n\n The buggy address belongs to the page:\n page:ffff0008f9be1c88 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0\n raw: 0008d00000000000 ffff0008f9be1c90 ffff0008f9be1c90 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff\n page dumped because: kasan: bad access detected\n\n addr ffff0008c89a7410 is located in stack of task swapper/0/1 at offset 112 in frame:\n  zynqmp_clock_probe+0x0/0x7b8\n\n this frame has 3 objects:\n  [32, 44) 'response'\n  [64, 80) 'ret_payload'\n  [96, 112) 'name'\n\n Memory state around the buggy address:\n  ffff0008c89a7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  ffff0008c89a7380: 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2 00 00 f2 f2\n >ffff0008c89a7400: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n                          ^\n  ffff0008c89a7480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  ffff0008c89a7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n =================================================================="}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/clk/zynqmp/clkc.c"],"versions":[{"version":"5852b1365df4414523210e444ac7df1dec09acb4","lessThan":"5dbfcf7b080306b65d9f756fadf46c9495793750","status":"affected","versionType":"git"},{"version":"5852b1365df4414523210e444ac7df1dec09acb4","lessThan":"d9e2585c3bcecb1c83febad31b9f450e93d2509e","status":"affected","versionType":"git"},{"version":"5852b1365df4414523210e444ac7df1dec09acb4","lessThan":"0a07b13af04d0db7325018aaa83b5ffe864790c9","status":"affected","versionType":"git"},{"version":"5852b1365df4414523210e444ac7df1dec09acb4","lessThan":"d66fea97671fcb516bd6d34bcc033f650ac7ee91","status":"affected","versionType":"git"},{"version":"5852b1365df4414523210e444ac7df1dec09acb4","lessThan":"bce41e4ac6f5ca3b22a07e8cdadc12044bbf9d3b","status":"affected","versionType":"git"},{"version":"5852b1365df4414523210e444ac7df1dec09acb4","lessThan":"dd80fb2dbf1cd8751efbe4e53e54056f56a9b115","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/clk/zynqmp/clkc.c"],"versions":[{"version":"5.2","status":"affected"},{"version":"0","lessThan":"5.2","status":"unaffected","versionType":"semver"},{"version":"5.4.220","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.150","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.4.220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.10.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5dbfcf7b080306b65d9f756fadf46c9495793750"},{"url":"https://git.kernel.org/stable/c/d9e2585c3bcecb1c83febad31b9f450e93d2509e"},{"url":"https://git.kernel.org/stable/c/0a07b13af04d0db7325018aaa83b5ffe864790c9"},{"url":"https://git.kernel.org/stable/c/d66fea97671fcb516bd6d34bcc033f650ac7ee91"},{"url":"https://git.kernel.org/stable/c/bce41e4ac6f5ca3b22a07e8cdadc12044bbf9d3b"},{"url":"https://git.kernel.org/stable/c/dd80fb2dbf1cd8751efbe4e53e54056f56a9b115"}],"title":"clk: zynqmp: Fix stack-out-of-bounds in strncpy`","x_generator":{"engine":"bippy-1.2.0"}}}}