CVE-2022-50763

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the crypto/marvell/octeontx module where integer overflows can occur. The code length value, sourced from firmware files, is susceptible to overflow. Specifically, the calculation code length * 2 and the expression round up(ucode size, 16) + sizeof() can lead to overflows. This issue is particularly relevant when dealing with untrusted firmware, as limiting the damage is difficult in such scenarios. The Smatch tool flags data read from the filesystem as untrusted and issues warnings if it is not properly capped.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.