PT-2025-53946 · Linux · Linux Kernel

Published: 2025-12-30 · Updated: 2026-02-24 · CVE-2022-50828

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty

Description

The zynqmp clock driver in the Linux kernel contains a stack-out-of-bounds write issue in its use of strncpy. When a clock name exceeds 15 bytes, the null terminator is missing, which can lead to a buffer overflow. The issue was identified when Kernel Address Sanitizer (KASAN) reported a bug in the zynqmp clock probe function. The Linux-ATF interface uses 16 bytes of SMC payload, so when the clock name is longer than 15 bytes, the null terminator is not correctly received by Linux.

Recommendations

Update to Linux kernel version 5.4.0-00396-g81ef9e7-dirty or a later version to address this issue.
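
The failure mode in the description, shown as an added user-space example (not the kernel driver's code or its patch): a 16-byte payload that is completely filled by the name leaves no room for a terminator, and `strncpy` does not add one. The function names, `RESP_LEN` and the clock names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RESP_LEN 16 /* name bytes carried in one response, per the description */

/* Sender side (constructed): the name is cut to 16 bytes, zero padded. */
void make_payload(uint8_t *out, const char *name)
{
    size_t n = strlen(name);
    memset(out, 0, RESP_LEN);
    memcpy(out, name, n < RESP_LEN ? n : RESP_LEN);
}

/* Pattern from the description: strncpy copies RESP_LEN bytes into a
 * RESP_LEN-byte buffer. Returns 1 when dst ends up without a terminator,
 * so any later strlen/strcpy on it would run past the buffer. */
int copy_name_unterminated(char *dst, const uint8_t *payload)
{
    strncpy(dst, (const char *)payload, RESP_LEN);
    return memchr(dst, '\0', RESP_LEN) == NULL;
}

/* Hardened form: dst holds RESP_LEN + 1 bytes and is always terminated.
 * Returns the length of the received name. */
size_t copy_name_bounded(char *dst, const uint8_t *payload)
{
    memcpy(dst, payload, RESP_LEN);
    dst[RESP_LEN] = '\0';
    return strlen(dst);
}

int main(void)
{
    const char *names[] = { "short_clk", "dp_video_ref_clk" }; /* constructed */
    uint8_t payload[RESP_LEN];
    char weak[RESP_LEN], safe[RESP_LEN + 1];

    for (size_t i = 0; i < 2; i++) {
        make_payload(payload, names[i]);
        printf("%-18s unterminated=%d bounded_len=%zu\n", names[i],
               copy_name_unterminated(weak, payload),
               copy_name_bounded(safe, payload));
    }
    return 0;
}
```
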


Related Identifiers

CVE-2022-50828
SUSE-SU-2026:0263-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0350-1
SUSE-SU-2026:0369-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1

Affected Products

Linux Kernel