PT-2025-41058 · Linux+1 · Linux Kernel+1

Published 2025-10-07 · Updated 2025-12-04 · CVE-2022-50553

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc8+

Description

The Linux kernel tracing subsystem contained a flaw in the tracing/hist component. Specifically, an out-of-bounds write could occur on the action_data.var_ref_idx array when generating a synthetic event with a large number of parameters. This condition could lead to a kernel panic. The issue stemmed from a mismatch in the allocated size of the data->var_ref_idx array (TRACING_MAP_VARS_MAX, currently 16) compared to the potential number of parameters in a synthetic event (up to SYNTH_FIELDS_MAX, currently 64). The vulnerability was triggered when the number of parameters exceeded the array's capacity, resulting in an overwrite of the data->match_data.event field and ultimately causing the system to crash.

Recommendations

Update to a newer version of the Linux kernel that addresses this issue.
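
The size mismatch described above, as an added user-space model (not kernel source and not the upstream patch): it shows by offset arithmetic which slot index leaves the 16-entry array, and one way to reject such a slot. The struct layout, with the event pointer placed directly after the array, and the helper names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define TRACING_MAP_VARS_MAX 16 /* capacity of var_ref_idx, per the advisory */
#define SYNTH_FIELDS_MAX     64 /* max synthetic-event parameters, per the advisory */

/* Simplified stand-in for the action data; this layout is an assumption. */
struct action_data_model {
    unsigned int var_ref_idx[TRACING_MAP_VARS_MAX];
    struct { void *event; } match_data; /* field the advisory says is overwritten */
};

/* Returns 1 if an unchecked store to var_ref_idx[slot] would touch the bytes
 * of match_data.event. Pure offset arithmetic, no out-of-bounds access. */
int slot_overlaps_event(unsigned int slot)
{
    size_t start = offsetof(struct action_data_model, var_ref_idx)
                 + (size_t)slot * sizeof(unsigned int);
    size_t ev = offsetof(struct action_data_model, match_data);
    return start + sizeof(unsigned int) > ev && start < ev + sizeof(void *);
}

/* Guarded store: refuse any parameter slot beyond the array's capacity. */
int save_var_ref_idx(struct action_data_model *data, unsigned int slot,
                     unsigned int idx)
{
    if (slot >= TRACING_MAP_VARS_MAX)
        return -EINVAL;
    data->var_ref_idx[slot] = idx;
    return 0;
}

/* Bind n parameters the way a synthetic event with n fields would. */
int bind_params(struct action_data_model *data, unsigned int n)
{
    for (unsigned int i = 0; i < n; i++) {
        int ret = save_var_ref_idx(data, i, i);
        if (ret)
            return ret; /* stops at slot 16 instead of writing past the array */
    }
    return 0;
}

int main(void)
{
    struct action_data_model d = {0};
    printf("slot 16 overlaps event: %d\n", slot_overlaps_event(16));
    printf("bind 64 params -> %d\n", bind_params(&d, SYNTH_FIELDS_MAX));
    return 0;
}
```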

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2022-50553
SUSE-SU-2025:4111-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4320-1

Affected Products

Linux Kernel
Suse