5.5
CVE-2022-50330
- EPSS 0.02%
- Veröffentlicht 15.09.2025 14:49:33
- Zuletzt bearbeitet 04.12.2025 13:44:36
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
crypto: cavium - prevent integer overflow loading firmware
In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can have an integer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.11 < 4.14.296
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.262
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.220
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.150
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.75
Linux ≫ Linux Kernel Version >= 5.16 < 5.19.17
Linux ≫ Linux Kernel Version >= 6.0 < 6.0.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.