CVE-2022-50358
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doing iowrite to initialize dongle ring. To detect this error at early stage, we directly return error when getting invalid max_flowrings(>256).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50358
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 5.4.229 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.163 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.86 (exc)
linux linux_kernel From 5.16 (inc) to 6.0.16 (exc)
linux linux_kernel From 6.1 (inc) to 6.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's brcmfmac driver when it reads an invalid max_flowrings value from the dongle during initialization. If the firmware hits a trap, the host may read an abnormal max_flowrings number, which can cause a kernel panic when performing iowrite operations to initialize the dongle ring. The fix involves returning an error early if the max_flowrings value is invalid (greater than 256) to prevent this issue.

Impact Analysis

This vulnerability can cause the Linux kernel to panic during the initialization of the dongle, leading to system crashes or instability. This can disrupt normal operation of devices using the affected driver, potentially causing downtime or loss of service.

Detection Guidance

This vulnerability can be detected by monitoring for kernel panic events related to the brcmfmac driver during dongle initialization, especially when abnormal max_flowrings values (>256) are read. Specific commands are not provided in the available information.

Mitigation Strategies

Immediate mitigation involves ensuring that the Linux kernel is updated to a version where the brcmfmac driver returns an error when receiving invalid max_flowrings values from the dongle, preventing kernel panic during initialization.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50358. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart