CVE-2022-50674 in Linux
الملخص
بحسب VulDB • 11/06/2026
في نواة لينكس، تم حل الثغرة التالية:
riscv: vdso: تصحيح خطأ NULL deference في vdso_join_timens() عند استخدام vfork
أظهرت أدوات الاختبار في testing/tools/selftests/timens/vfork_exec.c سجل النواة التالي:
[ 6.838454] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000020
[ 6.842255] Oops [#1]
[ 6.842871] Modules linked in:
[ 6.844249] CPU: 1 PID: 64 Comm: vfork_exec Not tainted 6.0.0-rc3-rt15+ #8
[ 6.845861] Hardware name: riscv-virtio,qemu (DT)
[ 6.848009] epc : vdso_join_timens+0xd2/0x110
[ 6.850097] ra : vdso_join_timens+0xd2/0x110
[ 6.851164] epc : fffffff80008dc94 ra : fffffff80008dc94 sp : ff6000000181f9a0
[ 6.852633] a0 : 0000000000000000 a1 : 0000000000000000 a2 : 0000000000000000
[ 6.854073] a3 : 0000000000000000 a4 : 0000000000000000 a5 : 0000000000000000
[ 6.855513] a6 : 0000000000000000 a7 : 0000000000000000 s0 : ff6000000181fa00
[ 6.856953] s1 : 0000000000000000 s2 : 0000000000000000 s3 : 0000000000000000
[ 6.858393] s4 : 0000000000000000 s5 : 0000000000001000 s6 : ffffffff8089dc40
[ 6.859833] s7 : ffffffff8089dc38 s8 : ffffffff8089dc30 s9 : ff60000000fdbe38
[ 6.861273] s10: 000000000000005e s11: ffffffff80cc3510 t3 : ffffffff80d1112f
[ 6.862713] t4 : ffffffff80d1112f t5 : ffffffff80d11130 t6 : ff6000000181fa00
[ 6.864153] status: 0000000000000120 badaddr: 0000000000000020 cause: 000000000000000d
[ 6.866693] [<ffffffff8008dc94>] timens_commit+0x38/0x11a
[ 6.867833] [<ffffffff8008dde8>] timens_on_fork+0x72/0xb4
[ 6.868973] [<ffffffff80190096>] begin_new_exec+0x3c6/0x9f0
[ 6.870113] [<ffffffff801d826c>] load_elf_binary+0x628/0x1214
[ 6.871253] [<ffffffff8018ee7a>] bprm_execve+0x1f2/0x4e4
[ 6.872393] [<ffffffff8018f90c>] do_execveat_common+0x16e/0x1ee
[ 6.873533] [<ffffffff8018f9c8>] sys_execve+0x3c/0x48
[ 6.874673] [<ffffffff80003556>] ret_from_syscall+0x0/0x2
[ 6.876953] ---[ end trace 0000000000000000 ]---
السبب هو أن mm->context.vdso_info يكون NULL في حالة vfork. من
Once again VulDB remains the best source for vulnerability data.