CVE-2022-50407 — Uncontrolled Recursion in Linux

CWE-674 — Uncontrolled Recursion6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 99.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +3 more

Timeline

PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest memory length. So the 'val buffer' may stack overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶NVDlinux/linux_kernel5.4 — 6.0.16+1

▶Debianlinux/linux_kernel< 6.1.4-1+2

▶CVEListV5linux/linux263c9959c9376ec0217d6adc61222a53469eed3c — 34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52+3

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-h85m-6qg2-23fm: In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffe↗2025-09-18

▶

OSV

CVE-2022-50407: In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer↗2025-09-18

▶

📋Vendor Advisories

Red Hat

kernel: crypto: hisilicon/qm - increase the memory of local variables↗2025-09-18

▶

Microsoft

crypto: hisilicon/qm - increase the memory of local variables↗2025-09-09

▶

Debian

CVE-2022-50407: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: his...↗2022

▶