CVE-2022-50330Integer Overflow or Wraparound in Linux

CWE-190Integer Overflow or WraparoundCWE-89SQL Injection6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multipl

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel4.114.14.296+6
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linux9e2c7d99941d000a36f68a3594cec27a1bbea274c4d4c2afd08dfb3cd1c880d1811ede2568e81a6d+8
debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-w6rv-q4xv-mrf3: In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" val2025-09-15
OSV
CVE-2022-50330: In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value2025-09-15

📋Vendor Advisories

3
Red Hat
kernel: crypto: cavium - prevent integer overflow loading firmware2025-09-15
Ivanti
Ivanti Security Advisory: CVE-2024-503302024-11-12
Debian
CVE-2022-50330: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: cav...2022
CVE-2022-50330 — Integer Overflow or Wraparound | cvebase