CVE-2022-50307

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The channel-subsystem-driver incorrectly assumes that an I/O-subchannel's drvdata points to a struct io subchannel private for devices bound to a non-default I/O subchannel driver, such as the vfio ccw driver. This results in an out-of-bounds read access during each scan when devices are removed from the cio ignore list using a command such as echo free >/proc/cio ignore. The fix relies on a driver-independent online indication using struct subchannel->config.ena, which represents the driver’s requested subchannel-enabled state.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.