{"id":"CVE-2022-50394","summary":"i2c: ismt: Fix an out-of-bounds bug in ismt_access()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: ismt: Fix an out-of-bounds bug in ismt_access()\n\nWhen the driver does not check the data from the user, the variable\n'data-\u003eblock[0]' may be very large to cause an out-of-bounds bug.\n\nThe following log can reveal it:\n\n[   33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20\n[   33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA:  WRITE\n[   33.996475] ==================================================================\n[   33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b\n[   33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485\n[   33.999450] Call Trace:\n[   34.001849]  memcpy+0x20/0x60\n[   34.002077]  ismt_access.cold+0x374/0x214b\n[   34.003382]  __i2c_smbus_xfer+0x44f/0xfb0\n[   34.004007]  i2c_smbus_xfer+0x10a/0x390\n[   34.004291]  i2cdev_ioctl_smbus+0x2c8/0x710\n[   34.005196]  i2cdev_ioctl+0x5ec/0x74c\n\nFix this bug by checking the size of 'data-\u003eblock[0]' first.","modified":"2026-04-11T12:44:57.084618Z","published":"2025-09-18T13:33:12.992Z","related":["SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4189-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50394.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03b7ef7a6c5ca1ff553470166b4919db88b810f6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/233348a04becf133283f0076e20b317302de21d9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/39244cc754829bf707dccd12e2ce37510f5b1f8d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4a7bb1d93addb2f67e36fed00a53cb7f270d7b7a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/96c12fd0ec74641295e1c3c34dea3dce1b6c3422"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ac541a0898e8ec187a3fa7024b9701cffae6bf2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a642469d464b2780a25a49b51ae56623c65eac34"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bfe41d966c860a8ad4c735639d616da270c92735"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50394.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50394"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"13f35ac14cd0a9a1c4f0034c4c40d0ae98844ce9"},{"fixed":"4a7bb1d93addb2f67e36fed00a53cb7f270d7b7a"},{"fixed":"03b7ef7a6c5ca1ff553470166b4919db88b810f6"},{"fixed":"bfe41d966c860a8ad4c735639d616da270c92735"},{"fixed":"cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd"},{"fixed":"9ac541a0898e8ec187a3fa7024b9701cffae6bf2"},{"fixed":"96c12fd0ec74641295e1c3c34dea3dce1b6c3422"},{"fixed":"a642469d464b2780a25a49b51ae56623c65eac34"},{"fixed":"233348a04becf133283f0076e20b317302de21d9"},{"fixed":"39244cc754829bf707dccd12e2ce37510f5b1f8d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50394.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.9.0"},{"fixed":"4.9.337"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.303"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.270"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50394.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}