CVE-2022-50407 (GCVE-0-2022-50407)
Vulnerability from cvelistv5
Published
2025-09-18 16:03
Modified
2025-09-29 10:47
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest memory length. So the 'val buffer' may stack overflow.
Impacted products
Vendor Product Version
Linux Linux Version: 263c9959c9376ec0217d6adc61222a53469eed3c
Version: 263c9959c9376ec0217d6adc61222a53469eed3c
Version: 263c9959c9376ec0217d6adc61222a53469eed3c
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/hisilicon/qm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52",
              "status": "affected",
              "version": "263c9959c9376ec0217d6adc61222a53469eed3c",
              "versionType": "git"
            },
            {
              "lessThan": "fc521abb6ee4b8f06fdfc52646140dab6a2ed334",
              "status": "affected",
              "version": "263c9959c9376ec0217d6adc61222a53469eed3c",
              "versionType": "git"
            },
            {
              "lessThan": "3efe90af4c0c46c58dba1b306de142827153d9c0",
              "status": "affected",
              "version": "263c9959c9376ec0217d6adc61222a53469eed3c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/hisilicon/qm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - increase the memory of local variables\n\nIncrease the buffer to prevent stack overflow by fuzz test. The maximum\nlength of the qos configuration buffer is 256 bytes. Currently, the value\nof the \u0027val buffer\u0027 is only 32 bytes. The sscanf does not check the dest\nmemory length. So the \u0027val buffer\u0027 may stack overflow."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T10:47:33.423Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc521abb6ee4b8f06fdfc52646140dab6a2ed334"
        },
        {
          "url": "https://git.kernel.org/stable/c/3efe90af4c0c46c58dba1b306de142827153d9c0"
        }
      ],
      "title": "crypto: hisilicon/qm - increase the memory of local variables",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50407",
    "datePublished": "2025-09-18T16:03:52.532Z",
    "dateReserved": "2025-09-17T14:53:07.001Z",
    "dateUpdated": "2025-09-29T10:47:33.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50407\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-18T16:15:43.880\",\"lastModified\":\"2025-09-19T16:00:27.847\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: hisilicon/qm - increase the memory of local variables\\n\\nIncrease the buffer to prevent stack overflow by fuzz test. The maximum\\nlength of the qos configuration buffer is 256 bytes. Currently, the value\\nof the \u0027val buffer\u0027 is only 32 bytes. The sscanf does not check the dest\\nmemory length. So the \u0027val buffer\u0027 may stack overflow.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3efe90af4c0c46c58dba1b306de142827153d9c0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fc521abb6ee4b8f06fdfc52646140dab6a2ed334\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…