7.8

CVE-2022-48717

ASoC: max9759: fix underflow in speaker_gain_control_put()

In the Linux kernel, the following vulnerability has been resolved:

ASoC: max9759: fix underflow in speaker_gain_control_put()

Check for negative values of "priv->gain" to prevent an out of bounds
access.  The concern is that these might come from the user via:
  -> snd_ctl_elem_write_user()
    -> snd_ctl_elem_write()
      -> kctl->put()
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 4.19.228
LinuxLinux Kernel Version >= 4.20 < 5.4.178
LinuxLinux Kernel Version >= 5.5 < 5.10.99
LinuxLinux Kernel Version >= 5.11 < 5.15.22
LinuxLinux Kernel Version >= 5.16 < 5.16.8
LinuxLinux Kernel Version5.17 Updaterc1
LinuxLinux Kernel Version5.17 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.121
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964
Patch
https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921
Patch
https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc
Patch
https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e
Patch
https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c
Patch
https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6
Patch