PT-2025-37601 · Linux+5 · Linux Kernel+5

Published: 2022-09-21 · Updated: 2025-10-24 · CVE-2022-50299

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.4.0-1085-azure #90~18.04.1-Ubuntu

Description

The Linux kernel contained an issue where the snprintf function was used instead of scnprintf in the md (multiple device) module. This could lead to a warning when the total characters in block device names plus slashes exceeded 200, potentially causing a buffer overflow due to the wrapping around of the calculation "200 - len". The issue was addressed by replacing snprintf with scnprintf, which accurately returns the number of characters written into the buffer.

Recommendations

Update the Linux kernel to version 5.4.0-1085-azure #90~18.04.1-Ubuntu or a later version to resolve this issue.
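
The length accounting described above, as an added userspace example (not the kernel's md code): it appends constructed device names into a 200-byte buffer and returns the size argument the next call would receive under each function's return-value semantics. `scnprintf_model`, `next_size_arg` and the device name are hypothetical names introduced for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SZ 200                 /* the "200" in the advisory's "200 - len" */
#define NAME   "dev-name-16chars"  /* constructed 16-character device name */

/* Userspace stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored, excluding the NUL (at most size - 1). */
static int scnprintf_model(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Append "name/" count times; return the size the NEXT call would be given.
 * use_scn = 0 models the pre-fix accounting, 1 the fixed accounting. */
size_t next_size_arg(int count, int use_scn)
{
    char buf[BUF_SZ];
    size_t len = 0;

    for (int i = 0; i < count && len < BUF_SZ; i++) {
        if (use_scn)
            len += (size_t)scnprintf_model(buf + len, BUF_SZ - len, "%s/", NAME);
        else  /* snprintf returns the would-be length, even when truncated */
            len += (size_t)snprintf(buf + len, BUF_SZ - len, "%s/", NAME);
    }
    /* The len < BUF_SZ guard keeps this demo in bounds; it is not in the
     * pattern the advisory describes, which goes on to use this value. */
    return BUF_SZ - len;           /* unsigned: wraps once len exceeds 200 */
}

int main(void)
{
    printf("snprintf : next size = %zu\n", next_size_arg(12, 0));
    printf("scnprintf: next size = %zu\n", next_size_arg(12, 1));
    return 0;
}
```

With twelve 17-character entries, the snprintf accounting reaches len = 204 and the next size wraps to a value near SIZE_MAX, while the scnprintf accounting stops at len = 199 and leaves a size of 1.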

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-06079
CESA-2023_2951
CVE-2022-50299
OESA-2025-2533
RHSA-2023:2458
RHSA-2023:2951
RHSA-2023_2458
RHSA-2023_2951
SUSE-SU-2025:03613-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Astra Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu