CVE-2022-50226
MEDIUMDescription
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the buffer, the sev ioctl interfaces with the issue may return uninitialized slab memory. Currently, all of the ioctl interfaces in the ccp driver are safe, but to prevent future problems, change all ioctl interfaces that allocate memory with kmalloc to use kzalloc and memset the data buffer to zero in sev_ioctl_do_platform_status.
How to fix
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploit Intelligence
Low risk: more likely to be exploited than 9% of all known CVEs.
References
Related Vulnerabilities
Other CWE-401 (Missing Release of Memory (Memory Leak)) vulnerabilities, ordered by exploit likelihood. View all
| CVE | Severity | CVSS | EPSS | Exploited | Fix |
|---|---|---|---|---|---|
| CVE-2020-13934 | High | 7.5 | 64% | - | Fix |
| CVE-2016-6304 | High | 7.5 | 63% | - | Fix |
| CVE-2019-12265 | Medium | 5.3 | 55% | - | Fix |
| CVE-2001-0136 | Medium | 5.0 | 45% | - | - |
| CVE-2016-4232 | High | 7.5 | 36% | - | - |
| CVE-2001-0543 | Medium | 5.0 | 21% | - | - |
Embed a live status badge for CVE-2022-50226
Markdown
[](https://tridentstack.com/cve/CVE-2022-50226)HTML
<a href="https://tridentstack.com/cve/CVE-2022-50226"><img src="https://tridentstack.com/cve/badge/CVE-2022-50226.svg" alt="CVE-2022-50226"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-11-19.