CVE-2022-50258: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50258 is a vulnerability in the Linux kernel's brcmfmac WiFi driver component. The issue was discovered when a stack-out-of-bounds read occurs in the brcmfcpreinit_dcmds() function when a buffer that is not null-terminated is passed as an argument to strsep(). This vulnerability was found using a modified version of the syzkaller fuzzing tool (NVD).

The vulnerability occurs in the brcmfmac driver when handling firmware version strings. Specifically, the bug manifests when a buffer filled with a firmware version string by memcpy() in brcmffiliovardataget() is passed to strsep() without proper null-termination in the brcmfcpreinit_dcmds() function. This leads to a stack-out-of-bounds read condition, which was detected by the Kernel Address Sanitizer (KASAN) (NVD).

The vulnerability could potentially lead to information disclosure through an out-of-bounds read of kernel memory. This could expose sensitive information from the kernel's memory space, potentially compromising system security (NVD).

A patch has been developed that ensures the buffer is properly null-terminated before being passed to strsep(). Users should update their Linux kernel to a version that includes this fix (NVD).