CVE-2022-50647
Description
In the Linux kernel, the following vulnerability has been resolved:
RISC-V: Make port I/O string accessors actually work
Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested location, which in turn breaks at least accesses made by our parport driver to a PCIe parallel port such as:
PCI parallel port detected: 1415:c118, I/O at 0x1000(0x1008), IRQ 20 parport0: PC-style at 0x1000 (0x1008), irq 20, using FIFO [PCSPP,TRISTATE,COMPAT,EPP,ECP]
causing a memory access fault:
Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000001008 Oops [#1] Modules linked in: CPU: 1 PID: 350 Comm: cat Not tainted 6.0.0-rc2-00283-g10d4879f9ef0-dirty #23 Hardware name: SiFive HiFive Unmatched A00 (DT) epc : parport_pc_fifo_write_block_pio+0x266/0x416 ra : parport_pc_fifo_write_block_pio+0xb4/0x416 epc : ffffffff80542c3e ra : ffffffff80542a8c sp : ffffffd88899fc60 gp : ffffffff80fa2700 tp : ffffffd882b1e900 t0 : ffffffd883d0b000 t1 : ffffffffff000002 t2 : 4646393043330a38 s0 : ffffffd88899fcf0 s1 : 0000000000001000 a0 : 0000000000000010 a1 : 0000000000000000 a2 : ffffffd883d0a010 a3 : 0000000000000023 a4 : 00000000ffff8fbb a5 : ffffffd883d0a001 a6 : 0000000100000000 a7 : ffffffc800000000 s2 : ffffffffff000002 s3 : ffffffff80d28880 s4 : ffffffff80fa1f50 s5 : 0000000000001008 s6 : 0000000000000008 s7 : ffffffd883d0a000 s8 : 0004000000000000 s9 : ffffffff80dc1d80 s10: ffffffd8807e4000 s11: 0000000000000000 t3 : 00000000000000ff t4 : 393044410a303930 t5 : 0000000000001000 t6 : 0000000000040000 status: 0000000200000120 badaddr: 0000000000001008 cause: 000000000000000f [] parport_pc_compat_write_block_pio+0xfe/0x200 [] parport_write+0x46/0xf8 [] lp_write+0x158/0x2d2 [] vfs_write+0x8e/0x2c2 [] ksys_write+0x52/0xc2 [] sys_write+0xe/0x16 [] ret_from_syscall+0x0/0x2 ---[ end trace 0000000000000000 ]---
For simplicity address the problem by adding PCI_IOBASE to the physical address requested in the respective wrapper macros only, observing that the raw accessors such as __insb', __outsb', etc. are not supposed to be used other than by said macros. Remove the cast to long' that is no longer needed on addr' now that it is used as an offset from PCI_IOBASE and add parentheses around `addr' needed for predictable evaluation in macro expansion. No need to make said adjustments in separate changes given that current code is gravely broken and does not ever work.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
RISC-V Linux kernel port I/O string accessors use physical PCI addresses instead of memory-mapped memory, causing memory access faults.
Vulnerability
Description
CVE-2022-50647 is a bug in the Linux kernel's RISC-V architecture support. The port I/O string accessors (e.g., insb, outsb) incorrectly use the physical PCI port I/O address rather than the corresponding memory-mapped I/O address to access the requested location. This root cause leads to a memory access fault when drivers, such as the parport driver for a PCIe parallel port, attempt to perform I/O operations.
Exploitation
An attacker can trigger this vulnerability by using a PCIe parallel port device (e.g., 1415:c118) on a RISC-V system running an affected RISC-V Linux kernel. The attack surface is local; the attacker needs to be able to interact with the parallel port device, for example by writing to it via the lp driver. No special privileges are required beyond access to the device file, but the attacker must have the ability to cause I/O operations that invoke the broken string accessors. The bug manifests as a kernel oops due to an attempted access to an unmapped user-space address (e.g., 0x1008), as shown in the official description.
Impact
Successful exploitation results in a kernel crash (Oops) due to an unhandled memory access fault. This can lead to a denial of service (DoS) for the affected system. The crash trace shows the fault occurs in parport_pc_fifo_write_block_pio and propagates up through the parallel port and lp drivers, ultimately causing the system to become unstable or hang. No privilege escalation or data leakage is described in the available sources.
Mitigation
The vulnerability is fixed in the Linux kernel stable releases. The commit references [1] and [2] (both pointing to kernel.org stable commits) indicate that patches have been applied to the stable kernel trees. Users should update their kernel to a version that includes the fix. No workaround is mentioned in the provided references.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: A00
Patches
62c60db6869fe2ce9fab94b8ddc235db7b79a140b2b92dbef1acee46169309cc205e3c17dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/140b2b92dbefffa7f4f7211a1fd399a6e79e71c4nvd
- git.kernel.org/stable/c/1acee4616930fc07265cb8e539753a8062daa8e0nvd
- git.kernel.org/stable/c/2c60db6869fe5213471fcf4fe5704dc29da8b5eenvd
- git.kernel.org/stable/c/2ce9fab94b8db61f014e43ddf80dd1524ae6dff4nvd
- git.kernel.org/stable/c/9cc205e3c17d5716da7ebb7fa0c985555e95d009nvd
- git.kernel.org/stable/c/dc235db7b79a352d07d62e8757ad856dbf1564c1nvd
News mentions
0No linked articles in our index yet.