{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:25:21.247","vulnerabilities":[{"cve":{"id":"CVE-2022-50425","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-10-01T12:15:33.987","lastModified":"2026-01-20T20:14:12.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly\n\nWhen an extended state component is not present in fpstate, but in init\nstate, the function copies from init_fpstate via copy_feature().\n\nBut, dynamic states are not present in init_fpstate because of all-zeros\ninit states. Then retrieving them from init_fpstate will explode like this:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ...\n RIP: 0010:memcpy_erms+0x6/0x10\n  ? __copy_xstate_to_uabi_buf+0x381/0x870\n  fpu_copy_guest_fpstate_to_uabi+0x28/0x80\n  kvm_arch_vcpu_ioctl+0x14c/0x1460 [kvm]\n  ? __this_cpu_preempt_check+0x13/0x20\n  ? vmx_vcpu_put+0x2e/0x260 [kvm_intel]\n  kvm_vcpu_ioctl+0xea/0x6b0 [kvm]\n  ? kvm_vcpu_ioctl+0xea/0x6b0 [kvm]\n  ? __fget_light+0xd4/0x130\n  __x64_sys_ioctl+0xe3/0x910\n  ? debug_smp_processor_id+0x17/0x20\n  ? fpregs_assert_state_consistent+0x27/0x50\n  do_syscall_64+0x3f/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAdjust the 'mask' to zero out the userspace buffer for the features that\nare not available both from fpstate and from init_fpstate.\n\nThe dynamic features depend on the compacted XSAVE format. Ensure it is\nenabled before reading XCOMP_BV in init_fpstate."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.0.7","matchCriteriaId":"65D387F0-209C-4EAD-98BA-C4B430A840C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*","matchCriteriaId":"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/471f0aa7fa64e23766a1473b32d9ec3f0718895a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ff29642fd28965a8f8d6d326ac91bf6075f3113","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}