{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: atlantic: fix aq_vec index out of range error",
    "id" : "2373683",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373683"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-823",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: atlantic: fix aq_vec index out of range error\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n[   97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[   97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[   97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[   97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[   97.937611] Workqueue: events_unbound async_run_entry_fn\n[   97.937616] Call Trace:\n[   97.937617]  <TASK>\n[   97.937619]  dump_stack_lvl+0x49/0x63\n[   97.937624]  dump_stack+0x10/0x16\n[   97.937626]  ubsan_epilogue+0x9/0x3f\n[   97.937627]  __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[   97.937629]  ? __scm_send+0x348/0x440\n[   97.937632]  ? aq_vec_stop+0x72/0x80 [atlantic]\n[   97.937639]  aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[   97.937644]  aq_suspend_common+0x88/0x90 [atlantic]\n[   97.937648]  aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[   97.937653]  pci_pm_suspend+0x7e/0x1a0\n[   97.937655]  ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[   97.937657]  dpm_run_callback+0x54/0x190\n[   97.937660]  __device_suspend+0x14c/0x4d0\n[   97.937661]  async_suspend+0x23/0x70\n[   97.937663]  async_run_entry_fn+0x33/0x120\n[   97.937664]  process_one_work+0x21f/0x3f0\n[   97.937666]  worker_thread+0x4a/0x3c0\n[   97.937668]  ? process_one_work+0x3f0/0x3f0\n[   97.937669]  kthread+0xf0/0x120\n[   97.937671]  ? kthread_complete_and_exit+0x20/0x20\n[   97.937672]  ret_from_fork+0x22/0x30\n[   97.937676]  </TASK>\nv2. fixed \"warning: variable 'aq_vec' set but not used\"\nv3. simplified a for loop", "A vulnerability was found in the Linux kernel's Aquantia Atlantic driver, where a lack of proper bounds checking during loop indexing can lead to an out-of-bounds access. This can lead to undefined system behavior and a denial of service." ],
  "statement" : "This vulnerability in the Aquantia network driver (atlantic) allows out-of-bounds access to the aq_vec[] array, which can lead to a kernel crash. However, triggering this issue requires privileges, as it occurs in internal kernel functions like aq_nic_stop() and aq_vec_isr(), typically invoked during device suspend or shutdown. This bug was observable through a UBSAN report in aq_nic_stop().",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-17T00:00:00Z",
    "advisory" : "RHSA-2025:11375",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt_els:7",
    "package" : "kernel-rt-0:3.10.0-1160.136.1.rt56.1288.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-17T00:00:00Z",
    "advisory" : "RHSA-2025:11358",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "kernel-0:3.10.0-1160.136.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-07-10T00:00:00Z",
    "advisory" : "RHSA-2025:10761",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.159.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10828",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.162.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10828",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.162.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-07-09T00:00:00Z",
    "advisory" : "RHSA-2025:10673",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.151.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-07-09T00:00:00Z",
    "advisory" : "RHSA-2025:10673",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.151.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-07-09T00:00:00Z",
    "advisory" : "RHSA-2025:10673",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.151.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10834",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.8",
    "package" : "kernel-0:4.18.0-477.101.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10834",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.101.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10834",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.101.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10830",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.138.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-07-14T00:00:00Z",
    "advisory" : "RHSA-2025:10829",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.138.1.rt21.210.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-09T00:00:00Z",
    "advisory" : "RHSA-2025:10671",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.124.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-07-09T00:00:00Z",
    "advisory" : "RHSA-2025:10675",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.124.1.rt14.409.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50066\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50066\nhttps://lore.kernel.org/linux-cve-announce/2025061851-CVE-2022-50066-a2ad@gregkh/T" ],
  "name" : "CVE-2022-50066",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module atlantic from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}