SB20250916242 - Input validation error in Linux kernel trace
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916242
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-50255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the trace_string() and trace_event_raw_event_synth() functions in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0934ae9977c27133449b6dd8c6213970e7eece38
- https://git.kernel.org/stable/c/149198d0b884e4606ed1d29b330c70016d878276
- https://git.kernel.org/stable/c/d9c79fbcbdb6cb10c07c85040eaf615180b26c48
- https://git.kernel.org/stable/c/f8bae1853196b52ede50950387f5b48cf83b9815
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3