#VU120548 Integer overflow in Linux kernel - CVE-2022-50763
Published: December 26, 2025 / Updated: December 31, 2025
Vulnerability identifier: #VU120548
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-50763
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the process_tar_file() and ucode_load() functions in drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/12acfa1059ad69aa352ddb2bf23ba1b831aff15f
- https://git.kernel.org/stable/c/7bfa7d67735381715c98091194e81e7685f9b7db
- https://git.kernel.org/stable/c/8f5eee162e55175d9dac98b5e9b8da76449d2257
- https://git.kernel.org/stable/c/caca37cf6c749ff0303f68418cfe7b757a4e0697
- https://git.kernel.org/stable/c/e7ff7a46baafd38d7ed45604397e650d61f5db8d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3