SB20251226290 - Integer overflow in Linux kernel Marvell octeontx driver
Published: December 26, 2025
Updated: December 31, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2022-50763)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the process_tar_file() and ucode_load() functions in drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/12acfa1059ad69aa352ddb2bf23ba1b831aff15f
- https://git.kernel.org/stable/c/7bfa7d67735381715c98091194e81e7685f9b7db
- https://git.kernel.org/stable/c/8f5eee162e55175d9dac98b5e9b8da76449d2257
- https://git.kernel.org/stable/c/caca37cf6c749ff0303f68418cfe7b757a4e0697
- https://git.kernel.org/stable/c/e7ff7a46baafd38d7ed45604397e650d61f5db8d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3