CVE-2022-50425

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's x86/fpu component, specifically within the copy xstate to uabi() function. This issue arises when an extended state component is present in the initial state (init fpstate) but not in the current floating-point state (fpstate). The function attempts to copy data from init fpstate via copy feature(), leading to a kernel NULL pointer dereference when dynamic states are not present in init fpstate. This can cause a system crash. The fix involves adjusting a 'mask' to zero out the userspace buffer for features unavailable in both fpstate and init fpstate. The dynamic features rely on the compacted XSAVE format, which must be enabled before reading XCOMP BV in init fpstate.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.