PT-2025-38424 · Linux+2 · Linux Kernel+2

Published 2022-10-28 · Updated 2026-04-20 · CVE-2022-50407

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A stack overflow was fixed in the crypto/hisilicon/qm module of the Linux kernel. The overflow results from insufficient bounds checking in a call to sscanf that processes a qos configuration buffer: the qos configuration buffer can be up to 256 bytes long, while the destination buffer ('val buffer') was limited to 32 bytes. Increasing the size of the destination buffer mitigates the risk of the stack overflow, which was identified through fuzz testing.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
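The description above comes down to a bare `%s` conversion copying a token of up to 256 bytes into a 32-byte stack buffer. The following added example (not the kernel's code and not the fix described above, which enlarged the buffer) shows the width-limited alternative that rejects oversized tokens. The function names, the two-token input layout and the sample strings are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CFG_MAX  256            /* max qos configuration buffer length, per the page */
#define TOK_LEN  32             /* destination buffer size, per the page */
#define TOK_W    31             /* TOK_LEN - 1: leaves room for the terminating NUL */
#define STR_(x)  #x
#define STR(x)   STR_(x)

/* Hypothetical helper: split "<id> <value>" from buf into two TOK_LEN-byte
 * buffers. Returns 0 on success, -1 if a token is missing or too long. */
int parse_qos_cfg(const char *buf, char id[TOK_LEN], char val[TOK_LEN])
{
    int n1 = 0, n2 = 0;

    /* %31s stores at most 31 bytes plus NUL; a bare %s has no such limit. */
    if (sscanf(buf, "%" STR(TOK_W) "s%n %" STR(TOK_W) "s%n",
               id, &n1, val, &n2) != 2)
        return -1;
    /* A token cut short by the width is followed by more non-space bytes. */
    if (!isspace((unsigned char)buf[n1]))
        return -1;
    if (buf[n2] != '\0' && !isspace((unsigned char)buf[n2]))
        return -1;
    return 0;
}

/* Constructed inputs: one well-formed line, one filling the CFG_MAX buffer. */
int demo(void)
{
    char id[TOK_LEN], val[TOK_LEN], big[CFG_MAX];
    int ok, rejected;

    ok = parse_qos_cfg("0000:75:00.0 500\n", id, val);

    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    memcpy(big, "dev0 ", 5);            /* value token is now 250 bytes long */
    rejected = parse_qos_cfg(big, id, val);

    printf("well-formed: %d, oversized: %d\n", ok, rejected);
    return ok == 0 && rejected == -1;
}

int main(void) { return demo() ? 0 : 1; }
```

The `%n` checks matter because a width-limited `%s` truncates silently; without them an oversized token would be accepted as a shorter, different value.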

Exploit

Uncontrolled Recursion

Stack Overflow

Weakness Enumeration

Related Identifiers

AZL-71897
BDU:2026-02374
CVE-2022-50407

Affected Products

Debian
Linux Kernel
Hisilicon Qm