Bug 2396124 (CVE-2022-50358)

Summary: CVE-2022-50358 kernel: brcmfmac: return error when getting invalid max_flowrings from dongle
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-09-17 15:02:44 UTC 
In the Linux kernel, the following vulnerability has been resolved:

brcmfmac: return error when getting invalid max_flowrings from dongle

When firmware hit trap at initialization, host will read abnormal
max_flowrings number from dongle, and it will cause kernel panic when
doing iowrite to initialize dongle ring.
To detect this error at early stage, we directly return error when getting
invalid max_flowrings(>256).
Comment 1 Keith Grant 2025-09-17 17:33:24 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50358-6a86@gregkh/T