CVE-2022-50358Improper Input Validation in Linux

CWE-20Improper Input Validation5 documents5 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 93.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 17

Description

In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doing iowrite to initialize dongle ring. To detect this error at early stage, we directly return error when getting invalid max_flowrings(>256).

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.5 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel5.55.10.163+4
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux9e37f045d5e7f33450515f237c2f6f6bfee137dd3cc9299036bdb647408e11e41de3eb1ff6d428cd+6
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-pxjm-vgvf-9c27: In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmw2025-09-17
OSV
CVE-2022-50358: In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmwar2025-09-17

📋Vendor Advisories

2
Red Hat
kernel: brcmfmac: return error when getting invalid max_flowrings from dongle2025-09-17
Debian
CVE-2022-50358: linux - In the Linux kernel, the following vulnerability has been resolved: brcmfmac: r...2022
CVE-2022-50358 — Improper Input Validation in Linux | cvebase