crypto: hisilicon/qm - increase the memory of local variables
CVE-2022-50407

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 September 2025

What is CVE-2022-50407?

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/qm - increase the memory of local variables

Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest memory length. So the 'val buffer' may stack overflow.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3efe90af4c0c46c58dba1b306de142827153d9c0

References

https://git.kernel.org/stable/c/34c4f8ad45b4ea814c7ecc3f2...

https://git.kernel.org/stable/c/fc521abb6ee4b8f06fdfc5264...

https://git.kernel.org/stable/c/3efe90af4c0c46c58dba1b306...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Sep 17, 2025