PT-2025-26006 · Linux+3 · Linux Kernel+3

Published

2024-04-30

Updated

2025-11-18

CVE-2022-50080

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0

Description The issue arises from an integer overflow in the register shm helper() function when calculating the number of pages covered by a user-supplied memory region. This causes a NULL pointer dereference in the internal get user pages fast() function, a helper function of pin user pages fast(). The error occurs when the tee shm register user buf() function fails to validate user space addresses, leading to a kernel NULL pointer dereference.

Recommendations For Linux kernel versions prior to 5.19.0, consider adding an explicit call to access ok() in tee shm register user buf() to catch invalid user space addresses early. As a temporary workaround, restrict the use of the register shm helper() function until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2022-50080

OESA-2025-1726

RHSA-2024:2394

RHSA-2024_2394

SUSE-SU-2025:03204-1

SUSE-SU-2025_03204-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

PT-2025-26006 · Linux+3 · Linux Kernel+3

CVE-2022-50080

Weakness Enumeration

Related Identifiers

Affected Products

References · 162