CVE-2022-50814
Unknown Unknown - Not Provided
Integer Mismatch Causes Out-of-Bounds in Linux hisi_zip Crypto

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr KASAN reported this Bug: [17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60 [17619.673193] Read of size 4 at addr fffff01332d7ed00 by task read_all/1507958 ... [17619.698934] The buggy address belongs to the variable: [17619.708371] sgl_sge_nr+0x0/0xffffffffffffa300 [hisi_zip] There is a mismatch in hisi_zip when get/set the variable sgl_sge_nr. The type of sgl_sge_nr is u16, and get/set sgl_sge_nr by param_get/set_int. Replacing param_get/set_int to param_get/set_ushort can fix this bug.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50814
EUVD
EUVD-2022-55884
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
hisilicon hisi_zip *
hisi hisi_zip *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's hisilicon/zip crypto module where there is a mismatch in how the variable sgl_sge_nr is accessed. The variable sgl_sge_nr is of type u16, but it was being accessed using param_get/set_int functions, which are meant for a different data type. This mismatch caused a global out-of-bounds memory access detected by KASAN, leading to potential memory corruption. The fix involved replacing param_get/set_int with param_get/set_ushort to correctly handle the u16 type.

Impact Analysis

This vulnerability can lead to out-of-bounds memory access in the Linux kernel's hisilicon/zip crypto module, which may cause memory corruption or crashes. Such issues can potentially be exploited to compromise system stability or security, depending on the context in which the vulnerable code is used.

Detection Guidance

Detection can be done by monitoring kernel logs for KASAN (Kernel Address Sanitizer) reports indicating a global-out-of-bounds error related to param_get_int and sgl_sge_nr in the hisi_zip module. For example, you can use the command 'dmesg | grep KASAN' or 'journalctl -k | grep KASAN' to look for such error messages.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where the hisilicon/zip driver has been fixed by replacing param_get/set_int with param_get/set_ushort for the sgl_sge_nr variable. Until then, monitoring for KASAN errors and avoiding use of the affected hisi_zip functionality may reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50814. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart