CVE-2022-50657
Description
In the Linux kernel, the following vulnerability has been resolved:
riscv: mm: add missing memcpy in kasan_init
Hi Atish,
It seems that the panic is due to the missing memcpy during kasan_init. Could you please check whether this patch is helpful?
When doing kasan_populate, the newly allocated base_pud/base_p4d should contain kasan_early_shadow_{pud, p4d}'s content. Add the missing memcpy to avoid a page fault when reading/writing the kasan shadow region.
Tested on:
- qemu with sv57 and CONFIG_KASAN on.
- qemu with sv48 and CONFIG_KASAN on.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing memcpy in Linux kernel's kasan_init for RISC-V causes kernel panic when accessing KASAN shadow memory during boot.
Vulnerability Overview
The vulnerability is a missing memcpy operation in the kasan_init function for the RISC-V architecture in the Linux kernel [1]. When kasan_populate is called during KASAN initialization, newly allocated page table entries (base_pud/base_p4d) must copy the content from kasan_early_shadow_{pud, p4d} structures. Without this memcpy, the shadow memory region is left unpopulated, leading to a page fault when the kernel attempts to read or write to the KASAN shadow area [1].
Exploitation and Impact
This bug is triggered during early boot on RISC-V systems that enable KASAN (Kernel Address Sanitizer). The attacker does not need direct access to the system, but the vulnerability manifests as a kernel panic, causing a denial of service (DoS) [1]. The missing copy leaves page tables in an inconsistent state, so any access to the shadow region — part of normal KASAN operation — results in a fault that crashes the system [1].
Mitigation
The fix adds the required memcpy to ensure that the page table entries correctly reference the early shadow structures. The patch has been applied to the stable kernel tree and is identified by commit ff0f6becf3a6 [1]. Affected users should update to a kernel containing this commit to prevent boot panics when KASAN is enabled on RISC-V [1].
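The failure mode and the fix can be reproduced in a user-space model. The following is an added example, not the kernel's code or the patch: the two-level table, the 8-entry size, and the functions early_init, populate and count_faults are assumptions made for illustration, and only the names base_pud and kasan_early_shadow_pud come from the commit message. A NULL slot stands in for a page fault.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENTRIES 8                      /* toy size; a real table holds 512 entries */
typedef struct table { void *slot[ENTRIES]; } table_t;
static char early_shadow_page[64];     /* stand-in for the shared early shadow page */
static table_t early_shadow_pud;       /* models kasan_early_shadow_pud */
static table_t pgd;                    /* top level of the toy hierarchy */

/* Early boot state: every top-level slot shares the one early shadow table. */
static void early_init(void) {
    for (int i = 0; i < ENTRIES; i++) {
        early_shadow_pud.slot[i] = early_shadow_page;
        pgd.slot[i] = &early_shadow_pud;
    }
}

/* Map page at (top, idx) via a private table (base_pud in the commit message). */
static void populate(int top, int idx, void *page, int copy_early) {
    table_t *base_pud = pgd.slot[top];
    if (base_pud == &early_shadow_pud) {   /* shared table must not be modified */
        base_pud = calloc(1, sizeof(*base_pud));
        if (!base_pud) abort();
        if (copy_early)                    /* the step the fix adds */
            memcpy(base_pud, &early_shadow_pud, sizeof(*base_pud));
        pgd.slot[top] = base_pud;
    }
    base_pud->slot[idx] = page;
}

/* Walk every slot under one top-level entry; NULL models a page fault. */
static int count_faults(int copy_early) {
    static char real_shadow[64];           /* constructed sample mapping */
    int faults = 0;
    early_init();
    populate(2, 5, real_shadow, copy_early);
    table_t *t = pgd.slot[2];
    for (int i = 0; i < ENTRIES; i++)
        if (t->slot[i] == NULL) faults++;
    free(t);
    return faults;
}

int main(void) {
    printf("without memcpy: %d faulting slots\n", count_faults(0));
    printf("with memcpy:    %d faulting slots\n", count_faults(1));
    return 0;
}
```

Without the copy, every slot of the new table other than the one just populated is empty, which is the state the description says leads to a page fault on shadow access.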
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (2)
ff0f6becf3a6
9f2ac64d6ca6
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (2)
News mentions (0)
No linked articles in our index yet.