Homepage

Buffer Overflow The advisory has been revoked - it doesn't affect any version of package kernel-cross-headers  (opens in a new tab)

Threat Intelligence

EPSS
0.03% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-KERNELCROSSHEADERS-11955878
  • published18 Aug 2025
  • disclosed18 Jun 2025
Report a new vulnerability Found a mistake?

Introduced: 18 Jun 2025

CVE-2022-50131  (opens in a new tab)
CWE-120  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers package and not the kernel-cross-headers package as distributed by RHEL.

In the Linux kernel, the following vulnerability has been resolved:

HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()

Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() '&mcp->txbuf[5]' too small (59 vs 255) drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf' too small (34 vs 255)

The 'len' variable can take a value between 0-255 as it can come from data->block[0] and it is user data. So add an bound check to prevent a buffer overflow in memcpy().