7.8

CVE-2022-48632

i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

In the Linux kernel, the following vulnerability has been resolved:

i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

memcpy() is called in a loop while 'operation->length' upper bound
is not checked and 'data_idx' also increments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.146
LinuxLinux Kernel Version >= 5.11 < 5.15.71
LinuxLinux Kernel Version >= 5.16 < 5.19.12
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
LinuxLinux Kernel Version6.0 Updaterc4
LinuxLinux Kernel Version6.0 Updaterc5
LinuxLinux Kernel Version6.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.164
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/3b5ab5fbe69ebbee5692c72b05071a43fc0655d8
Patch
Mailing List
https://git.kernel.org/stable/c/48ee0a864d1af02eea98fc825cc230d61517a71e
Patch
Mailing List
https://git.kernel.org/stable/c/dc2a0c587006f29b724069740c48654b9dcaebd2
Patch
Mailing List
https://git.kernel.org/stable/c/de24aceb07d426b6f1c59f33889d6a964770547b
Patch
Mailing List