{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50182", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.427Z", "datePublished": "2025-06-18T11:03:30.943Z", "dateUpdated": "2025-06-18T11:03:30.943Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-18T11:03:30.943Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Align upwards buffer size\n\nThe hardware can support any image size WxH,\nwith arbitrary W (image width) and H (image height) dimensions.\n\nAlign upwards buffer size for both encoder and decoder.\nand leave the picture resolution unchanged.\n\nFor decoder, the risk of memory out of bounds can be avoided.\nFor both encoder and decoder, the driver will lift the limitation of\nresolution alignment.\n\nFor example, the decoder can support jpeg whose resolution is 227x149\nthe encoder can support nv12 1080P, won't change it to 1920x1072."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"], "versions": [{"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba", "lessThan": "9ae2d729de6350c53a06c57782751d84eb2c08d9", "status": "affected", "versionType": "git"}, {"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba", "lessThan": "73d1836ed7911953182b787745cb8c5857a2661c", "status": "affected", "versionType": "git"}, {"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba", "lessThan": "447795ffb17cd60bb544e0abfc9399e180a14a2f", "status": "affected", "versionType": "git"}, {"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba", "lessThan": "9e7aa76cdb02923ee23a0ddd48f38bdc3512f92b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.61", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.18", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.2", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.61"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.18.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.19.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9ae2d729de6350c53a06c57782751d84eb2c08d9"}, {"url": "https://git.kernel.org/stable/c/73d1836ed7911953182b787745cb8c5857a2661c"}, {"url": "https://git.kernel.org/stable/c/447795ffb17cd60bb544e0abfc9399e180a14a2f"}, {"url": "https://git.kernel.org/stable/c/9e7aa76cdb02923ee23a0ddd48f38bdc3512f92b"}], "title": "media: imx-jpeg: Align upwards buffer size", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "508EFB53-3AD2-405D-9368-107BD8BEA339", "versionEndExcluding": "5.15.61", "versionStartIncluding": "5.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B42E453-8837-49D0-A5EF-03F818A6DC11", "versionEndExcluding": "5.18.18", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1A2A5A5-4598-4D7E-BA07-4660398D6C8F", "versionEndExcluding": "5.19.2", "versionStartIncluding": "5.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Align upwards buffer size\n\nThe hardware can support any image size WxH,\nwith arbitrary W (image width) and H (image height) dimensions.\n\nAlign upwards buffer size for both encoder and decoder.\nand leave the picture resolution unchanged.\n\nFor decoder, the risk of memory out of bounds can be avoided.\nFor both encoder and decoder, the driver will lift the limitation of\nresolution alignment.\n\nFor example, the decoder can support jpeg whose resolution is 227x149\nthe encoder can support nv12 1080P, won't change it to 1920x1072."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: imx-jpeg: Alinear hacia arriba el tama\u00f1o del b\u00fafer. El hardware puede admitir cualquier tama\u00f1o de imagen (ancho x alto), con dimensiones arbitrarias de ancho y alto. Alinear hacia arriba el tama\u00f1o del b\u00fafer tanto para el codificador como para el decodificador y dejar la resoluci\u00f3n de la imagen sin cambios. Para el decodificador, se puede evitar el riesgo de memoria fuera de los l\u00edmites. Tanto para el codificador como para el decodificador, el controlador eliminar\u00e1 la limitaci\u00f3n de la alineaci\u00f3n de la resoluci\u00f3n. Por ejemplo, el decodificador puede admitir jpeg cuya resoluci\u00f3n es de 227x149, el codificador puede admitir nv12 1080P, no lo cambiar\u00e1 a 1920x1072."}], "id": "CVE-2022-50182", "lastModified": "2025-11-19T12:52:11.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-18T11:15:48.700", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/447795ffb17cd60bb544e0abfc9399e180a14a2f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73d1836ed7911953182b787745cb8c5857a2661c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9ae2d729de6350c53a06c57782751d84eb2c08d9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e7aa76cdb02923ee23a0ddd48f38bdc3512f92b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: media: imx-jpeg: Align upwards buffer size", "id": "2373586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373586"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: imx-jpeg: Align upwards buffer size\nThe hardware can support any image size WxH,\nwith arbitrary W (image width) and H (image height) dimensions.\nAlign upwards buffer size for both encoder and decoder.\nand leave the picture resolution unchanged.\nFor decoder, the risk of memory out of bounds can be avoided.\nFor both encoder and decoder, the driver will lift the limitation of\nresolution alignment.\nFor example, the decoder can support jpeg whose resolution is 227x149\nthe encoder can support nv12 1080P, won't change it to 1920x1072."], "name": "CVE-2022-50182", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50182\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50182\nhttps://lore.kernel.org/linux-cve-announce/2025061833-CVE-2022-50182-c355@gregkh/T"], "threat_severity": "Moderate"}