PT-2025-26152 · Linux+2 · Linux Kernel+2

Published

2025-06-18

·

Updated

2025-08-18

·

CVE-2022-50226

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A kernel memory leak issue has been identified in the Linux kernel's crypto subsystem, specifically in the ccp driver. The problem occurs when input passed to certain sev ioctl interfaces is less than or equal to SEV FW BLOB MAX SIZE but larger than the data returned by PSP firmware. This causes kmalloc to allocate memory based on the input size rather than the data size, potentially leading to the return of uninitialized slab memory. To prevent this issue, the ioctl interfaces in the ccp driver have been modified to use kzalloc and memset the data buffer to zero.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2026-05852
CVE-2022-50226
RHSA-2023:2458
RHSA-2023:2951
SUSE-SU-2025:02264-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02537-1
SUSE-SU-2025_02846-1

Affected Products

Astra Linux
Linux Kernel
Suse