CVE-2022-50518

Severity: HIGH 7.8 (CVSS 3.1)
2025-10-07 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: Oct 07, 2025 - 16:15 (nvd), HIGH 7.8

Description

In the Linux kernel, the following vulnerability has been resolved:

parisc: Fix locking in pdc_iodc_print() firmware call

Utilize pdc_lock spinlock to protect parallel modifications of the iodc_dbuf[] buffer, check length to prevent buffer overflow of iodc_dbuf[], drop the iodc_retbuf[] buffer and fix some wrong indentings.

Analysis

A race condition exists in pdc_iodc_print(), a firmware call in the Linux kernel's parisc architecture-specific code, that allows local attackers to cause buffer overflows and potentially execute arbitrary code. The vulnerability affects Linux kernel versions from 2.6.25 up to, but not including, the patched releases, and exploitation requires local access with low privileges. With an EPSS score of only 0.01%, this vulnerability has a very low likelihood of exploitation in the wild despite its high CVSS score of 7.8.

Technical Context

The vulnerability occurs in the PA-RISC (parisc) architecture-specific code within the Linux kernel, specifically in the pdc_iodc_print() firmware call function that interfaces with the Processor Dependent Code (PDC) firmware. The root cause is improper synchronization (CWE-667) where the pdc_lock spinlock was not properly utilized to protect the iodc_dbuf[] buffer from concurrent modifications by multiple threads. This creates a race condition where simultaneous access to the buffer can lead to buffer overflows, as the function also failed to properly validate buffer lengths before writing data.
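The following user-space C model is an added illustration of the two defects named above (unsynchronized use of a shared buffer and a missing length check) and of the corrected shape; it is not the kernel's code or the upstream patch. The names iodc_dbuf and pdc_lock come from the advisory, while DBUF_SIZE, the guard word, fw_print() and the print_* functions are assumptions made for the model.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

#define DBUF_SIZE 64                 /* constructed size, not the kernel's value */

/* Shared staging area; the guard word sits behind the buffer to expose overruns. */
static struct { char iodc_dbuf[DBUF_SIZE]; unsigned guard; } st = { {0}, 0xC0FFEEu };
static atomic_flag pdc_lock = ATOMIC_FLAG_INIT;   /* stand-in for the spinlock */

/* Hypothetical stand-in for the firmware call: reports how many bytes it took. */
static size_t fw_print(const char *buf, size_t len) { (void)buf; return len; }

/* "Before" shape described by the advisory: no lock, no length check. */
static size_t print_unlocked(const char *s, size_t count)
{
    memcpy(st.iodc_dbuf, s, count);  /* overruns when count > DBUF_SIZE */
    return fw_print(st.iodc_dbuf, count);
}

/* "After" shape: clamp the length, then copy and call firmware under the lock. */
static size_t print_locked(const char *s, size_t count)
{
    size_t done;

    if (count > sizeof(st.iodc_dbuf))
        count = sizeof(st.iodc_dbuf);          /* in this model the caller resubmits the rest */
    while (atomic_flag_test_and_set_explicit(&pdc_lock, memory_order_acquire))
        ;                                      /* spin until the lock is free */
    memcpy(st.iodc_dbuf, s, count);
    done = fw_print(st.iodc_dbuf, count);
    atomic_flag_clear_explicit(&pdc_lock, memory_order_release);
    return done;
}

static int guard_intact(void) { return st.guard == 0xC0FFEEu; }

int main(void)
{
    char msg[200];
    memset(msg, 'A', sizeof(msg));
    printf("short, unlocked: %zu\n", print_unlocked("boot\n", 5));
    printf("long, locked:    %zu (guard intact: %d)\n",
           print_locked(msg, sizeof(msg)), guard_intact());
    return 0;
}
```

The return value of print_locked() tells the caller how many bytes were accepted, so oversized output is split across calls rather than written past the end of the shared buffer.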

Affected Products

The vulnerability affects Linux kernel versions starting from 2.6.25 (including release candidates rc6 through rc9) up to versions before the patches were applied. Based on the CPE identifiers (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* and cpe:2.3:o:linux:linux_kernel:2.6.25:*), all Linux kernel versions within this range running on PA-RISC architecture systems are vulnerable. The patches were integrated into the stable kernel branches as referenced in the git.kernel.org commit links provided.

Remediation

Apply the available kernel patches by updating to a patched Linux kernel version that includes commits 04a603058e70b8b881bb7860b8bd649f931f2591, 553bc5890ed96a8d006224c3a4673c47fee0d12a, or 7236aae5f81f3efbd93d0601e74fc05994bc2580 depending on your kernel branch (see https://git.kernel.org/stable/c/ links). For systems that cannot be immediately patched, limit local access to trusted users only and monitor for unusual system behavior or crashes related to firmware calls. Note that this vulnerability only affects PA-RISC architecture systems, so x86, ARM, and other architectures are not impacted.

Priority Score

39
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0
