CVE-2022-50551: Out-of-bounds Read in Linux

Severity
7.1 HIGH (NVD)
EPSS
0.0%
top 97.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 7
Latest update: Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()

This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BIT(chiprev) when a 'chiprev' provided by the device is too large. It should also not be equal to or greater than BITS_PER_TYPE(u32) as we do bitwise AND with a u32 variable and BIT(chiprev). The patch adds a check that makes the function return NULL if that is the case. Note that the

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD | linux/linux_kernel | 4.5 | 4.9.337 | +7
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | 46d703a775394e4724509ff55cdda41d228c028c | 1db036d13e10809943c2dce553e2fa7fc9c6cd80 | +10
debian | debian/linux | < linux 6.1.4-1 (bookworm)

Patches

Vulnerability Details (3)

VulDB | 2026-04-20
Linux Kernel up to 6.1.1 firmware.c brcmf_fw_alloc_request out-of-bounds (EUVD-2025-32015 / Nessus ID 279908)
OSV | 2025-10-07
CVE-2022-50551: In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This
GHSA | 2025-10-07
GHSA-3cj2-mw4r-3p6w: In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() Th

Vendor Advisories (2)

Red Hat | 2025-10-07
kernel: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
Debian | 2022
CVE-2022-50551: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmf...