{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50621", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-08T01:14:55.189Z", "datePublished": "2025-12-08T01:16:34.861Z", "dateUpdated": "2025-12-08T01:16:34.861Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-08T01:16:34.861Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: verity-loadpin: Only trust verity targets with enforcement\n\nVerity targets can be configured to ignore corrupted data blocks.\nLoadPin must only trust verity targets that are configured to\nperform some kind of enforcement when data corruption is detected,\nlike returning an error, restarting the system or triggering a\npanic."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-verity-loadpin.c", "drivers/md/dm-verity-target.c", "drivers/md/dm-verity.h"], "versions": [{"version": "b6c1c5745ccc68ac5d57c7ffb51ea25a86d0e97b", "lessThan": "cb1f5b76e39d86c98722696bdf632987aa777b83", "status": "affected", "versionType": "git"}, {"version": "b6c1c5745ccc68ac5d57c7ffb51ea25a86d0e97b", "lessThan": "916ef6232cc4b84db7082b4c3d3cf1753d9462ba", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/dm-verity-loadpin.c", "drivers/md/dm-verity-target.c", "drivers/md/dm-verity.h"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.3", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.0.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cb1f5b76e39d86c98722696bdf632987aa777b83"}, {"url": "https://git.kernel.org/stable/c/916ef6232cc4b84db7082b4c3d3cf1753d9462ba"}], "title": "dm: verity-loadpin: Only trust verity targets with enforcement", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: verity-loadpin: Only trust verity targets with enforcement\n\nVerity targets can be configured to ignore corrupted data blocks.\nLoadPin must only trust verity targets that are configured to\nperform some kind of enforcement when data corruption is detected,\nlike returning an error, restarting the system or triggering a\npanic."}], "id": "CVE-2022-50621", "lastModified": "2025-12-08T18:26:19.900", "metrics": {}, "published": "2025-12-08T02:15:48.000", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/916ef6232cc4b84db7082b4c3d3cf1753d9462ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cb1f5b76e39d86c98722696bdf632987aa777b83"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}