← back
CVE-2022-50407

crypto: hisilicon/qm - increase the memory of local variables

CVSS 5.5 MEDIUMEPSS 0.2%CWE-674
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest memory length. So the 'val buffer' may stack overflow.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://git.kernel.org/stable/c/34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52https://git.kernel.org/stable/c/3efe90af4c0c46c58dba1b306de142827153d9c0https://git.kernel.org/stable/c/fc521abb6ee4b8f06fdfc52646140dab6a2ed334