CVE-2022-50763
Integer Overflow in Linux Kernel Marvell/Octeontx Crypto Component
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves integer overflows in the Linux kernel's marvell/octeontx crypto component. Specifically, the 'code_length' value, which comes from firmware files, can cause an overflow when multiplied by 2, and other expressions involving rounding up the microcode size can also overflow. These overflows could lead to improper handling of untrusted firmware data.
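To make the overflow pattern concrete, here is an added illustration (not the kernel's or the page's own code): a hypothetical 32-bit firmware field `code_length` is doubled and then rounded up to a 16-byte boundary, first unchecked, then with overflow checks and an upper bound. The alignment value, the `max_len` bound and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed alignment for the rounded-up microcode size (illustrative). */
#define UCODE_ALIGN 16u

/*
 * Unchecked computation, mirroring the pattern described above:
 * code_length comes from an untrusted firmware file, so both the
 * multiplication by 2 and the round-up addition can wrap around.
 * A wrapped result is far smaller than the data it is supposed to
 * describe, so a later allocation or copy would be undersized.
 */
static uint32_t ucode_size_unchecked(uint32_t code_length)
{
    uint32_t doubled = code_length * 2u;                 /* may wrap */
    return (doubled + UCODE_ALIGN - 1u) & ~(UCODE_ALIGN - 1u); /* may wrap */
}

/*
 * Checked computation: bound the untrusted field first, then use
 * overflow-detecting arithmetic (GCC/Clang builtins here) for every
 * step that could wrap. Returns false instead of a wrapped size.
 */
static bool ucode_size_checked(uint32_t code_length, uint32_t max_len,
                               uint32_t *out)
{
    uint32_t doubled, rounded;

    if (code_length == 0 || code_length > max_len)
        return false;                      /* reject absurd lengths early */
    if (__builtin_mul_overflow(code_length, 2u, &doubled))
        return false;                      /* code_length * 2 would wrap */
    if (__builtin_add_overflow(doubled, UCODE_ALIGN - 1u, &rounded))
        return false;                      /* round-up addition would wrap */

    *out = rounded & ~(UCODE_ALIGN - 1u);
    return true;
}
```

With `code_length = 0x80000008` the unchecked version yields 16 bytes for roughly 2 GiB of claimed microcode, while the checked version rejects the header.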
How can this vulnerability impact me?
If the firmware is untrusted, integer overflows while processing 'code_length' and the related size calculations could lead to unexpected behaviour or security issues in the kernel's crypto component. Because the firmware data cannot be trusted, only limited protection is possible; the fix aims to limit the damage such overflows can cause.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability involves integer overflows in the Linux kernel's marvell/octeontx crypto code related to untrusted firmware files, immediate mitigation steps include ensuring that your firmware is from a trusted source and applying any available kernel updates or patches that address this issue. Limiting the use of untrusted firmware and monitoring for kernel updates is recommended.