CVE-2022-50508 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 95.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power After 'commit ba45841ca5eb ("wifi: mt76: mt76x02: simplify struct mt76x02_rate_power")', mt76x02 relies on ht[0-7] rate_power data for vht mcs{0,7}, while it uses vth[0-1] rate_power for vht mcs {8,9}. Fix a possible out-of-bound access in mt76x0_phy_get_target_power routine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel6.2 — 6.2.3

▶Debianlinux/linux_kernel< 6.3.7-1+1

▶CVEListV5linux/linuxba45841ca5eb29245f9c9f452a39586d9d68bc12 — bf425c5d7ef6fb4083c1e0d46440f886127b5ee5+2

▶debiandebian/linux< linux 6.3.7-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-gjgv-497v-vq7g: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power After 'commit↗2025-10-04

▶

OSV

CVE-2022-50508: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power After 'commit ba↗2025-10-04

▶

📋Vendor Advisories

Red Hat

kernel: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power↗2025-10-04

▶

Debian

CVE-2022-50508: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76:...↗2022

▶