{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2022-50315", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T14:18:36.813Z", "datePublished": "2025-09-15T14:46:10.177Z", "dateUpdated": "2026-05-11T19:16:56.274Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:16:56.274Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS\n\nUBSAN complains about array-index-out-of-bounds:\n[ 1.980703] kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41\n[ 1.980709] kernel: index 15 is out of range for type 'ahci_em_priv [8]'\n[ 1.980713] kernel: CPU: 0 PID: 209 Comm: scsi_eh_8 Not tainted 5.15.0-25-generic #25-Ubuntu\n[ 1.980716] kernel: Hardware name: System manufacturer System Product Name/P5Q3, BIOS 1102 06/11/2010\n[ 1.980718] kernel: Call Trace:\n[ 1.980721] kernel: \n[ 1.980723] kernel: show_stack+0x52/0x58\n[ 1.980729] kernel: dump_stack_lvl+0x4a/0x5f\n[ 1.980734] kernel: dump_stack+0x10/0x12\n[ 1.980736] kernel: ubsan_epilogue+0x9/0x45\n[ 1.980739] kernel: __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[ 1.980742] kernel: ahci_qc_issue+0x166/0x170 [libahci]\n[ 1.980748] kernel: ata_qc_issue+0x135/0x240\n[ 1.980752] kernel: ata_exec_internal_sg+0x2c4/0x580\n[ 1.980754] kernel: ? vprintk_default+0x1d/0x20\n[ 1.980759] kernel: ata_exec_internal+0x67/0xa0\n[ 1.980762] kernel: sata_pmp_read+0x8d/0xc0\n[ 1.980765] kernel: sata_pmp_read_gscr+0x3c/0x90\n[ 1.980768] kernel: sata_pmp_attach+0x8b/0x310\n[ 1.980771] kernel: ata_eh_revalidate_and_attach+0x28c/0x4b0\n[ 1.980775] kernel: ata_eh_recover+0x6b6/0xb30\n[ 1.980778] kernel: ? ahci_do_hardreset+0x180/0x180 [libahci]\n[ 1.980783] kernel: ? ahci_stop_engine+0xb0/0xb0 [libahci]\n[ 1.980787] kernel: ? ahci_do_softreset+0x290/0x290 [libahci]\n[ 1.980792] kernel: ? trace_event_raw_event_ata_eh_link_autopsy_qc+0xe0/0xe0\n[ 1.980795] kernel: sata_pmp_eh_recover.isra.0+0x214/0x560\n[ 1.980799] kernel: sata_pmp_error_handler+0x23/0x40\n[ 1.980802] kernel: ahci_error_handler+0x43/0x80 [libahci]\n[ 1.980806] kernel: ata_scsi_port_error_handler+0x2b1/0x600\n[ 1.980810] kernel: ata_scsi_error+0x9c/0xd0\n[ 1.980813] kernel: scsi_error_handler+0xa1/0x180\n[ 1.980817] kernel: ? scsi_unjam_host+0x1c0/0x1c0\n[ 1.980820] kernel: kthread+0x12a/0x150\n[ 1.980823] kernel: ? set_kthread_struct+0x50/0x50\n[ 1.980826] kernel: ret_from_fork+0x22/0x30\n[ 1.980831] kernel: \n\nThis happens because sata_pmp_init_links() initialize link->pmp up to\nSATA_PMP_MAX_PORTS while em_priv is declared as 8 elements array.\n\nI can't find the maximum Enclosure Management ports specified in AHCI\nspec v1.3.1, but \"12.2.1 LED message type\" states that \"Port Multiplier\nInformation\" can utilize 4 bits, which implies it can support up to 16\nports. Hence, use SATA_PMP_MAX_PORTS as EM_MAX_SLOTS to resolve the\nissue.\n\nBugLink: https://bugs.launchpad.net/bugs/1970074" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/ata/ahci.h" ], "versions": [ { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "f70bd4339cb68bc7e206af4c922bc0d249244403", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "da2ea4a961d9f89ed248734e7032350c260dc3a3", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "67a00c299c5c143817c948fbc7de1a2fa1af38fb", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "383b7c50f5445ff8dbbf03080905648d6980c39d", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "303d0f761431d848dd8d7ff9fd9b8c101879cabe", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "8fbe13de1cc7cef2564be3cbf60400b33eee023b", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "d6314d5f68764550c84d732ce901ddd3ac6b415f", "status": "affected", "versionType": "git" }, { "version": "18f7ba4c2f4be6b37d925931f04d6cc28d88d1ee", "lessThan": "1e41e693f458eef2d5728207dbd327cd3b16580a", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/ata/ahci.h" ], "versions": [ { "version": "2.6.27", "status": "affected" }, { "version": "0", "lessThan": "2.6.27", "status": "unaffected", "versionType": "semver" }, { "version": "4.9.332", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.14.298", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.19.264", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.221", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.152", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.76", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.0.6", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "4.9.332" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "4.14.298" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "4.19.264" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "5.4.221" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "5.10.152" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "5.15.76" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.0.6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.27", "versionEndExcluding": "6.1" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/f70bd4339cb68bc7e206af4c922bc0d249244403" }, { "url": "https://git.kernel.org/stable/c/da2ea4a961d9f89ed248734e7032350c260dc3a3" }, { "url": "https://git.kernel.org/stable/c/67a00c299c5c143817c948fbc7de1a2fa1af38fb" }, { "url": "https://git.kernel.org/stable/c/383b7c50f5445ff8dbbf03080905648d6980c39d" }, { "url": "https://git.kernel.org/stable/c/303d0f761431d848dd8d7ff9fd9b8c101879cabe" }, { "url": "https://git.kernel.org/stable/c/8fbe13de1cc7cef2564be3cbf60400b33eee023b" }, { "url": "https://git.kernel.org/stable/c/d6314d5f68764550c84d732ce901ddd3ac6b415f" }, { "url": "https://git.kernel.org/stable/c/1e41e693f458eef2d5728207dbd327cd3b16580a" } ], "title": "ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS", "x_generator": { "engine": "bippy-1.2.0" } } } }