7.8
CVE-2022-48717
- EPSS 0.22%
- Veröffentlicht 20.06.2024 11:15:55
- Zuletzt bearbeitet 21.11.2024 07:33:51
- CVE-Watchlists
- Unerledigt
ASoC: max9759: fix underflow in speaker_gain_control_put()
In the Linux kernel, the following vulnerability has been resolved:
ASoC: max9759: fix underflow in speaker_gain_control_put()
Check for negative values of "priv->gain" to prevent an out of bounds
access. The concern is that these might come from the user via:
-> snd_ctl_elem_write_user()
-> snd_ctl_elem_write()
-> kctl->put()Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.17 < 4.19.228
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.178
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.99
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.22
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.8
Linux ≫ Linux Kernel Version5.17 Updaterc1
Linux ≫ Linux Kernel Version5.17 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964
https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921
https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc
https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e
https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c
https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6