VYPR
Unrated severityNVD Advisory· Published Sep 15, 2025

crypto: cavium - prevent integer overflow loading firmware

CVE-2022-50330

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: cavium - prevent integer overflow loading firmware

The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly.

The "ntohl(ucode->code_length) * 2" multiplication can have an integer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

136

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.