PT-2025-25984 · Linux+2 · Linux Kernel+2

Published

2022-08-11

Updated

2025-06-18

CVE-2022-50058

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the vdpa sim blk device, where two new fields (nas, ngroups) were added to vdpasim dev attr but not initialized, causing a kernel panic when creating a new vdpa sim blk device. The panic occurs due to a NULL pointer dereference in the vhost iotlb add range ctx function. The vulnerability is caused by vdpasim->iommu[0] not being initialized when dev attr.nas is 0.

Recommendations To resolve the issue, initialize both nas and ngroups to 1 for vdpa sim blk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

BDU:2026-04876

CVE-2022-50058

RHSA-2023:2458

RHSA-2023_2458

Affected Products

Astra Linux

Linux Kernel

Red Hat

PT-2025-25984 · Linux+2 · Linux Kernel+2

CVE-2022-50058

Weakness Enumeration

Related Identifiers

Affected Products

References · 16