5.5
CVE-2022-48938
- EPSS 0.21%
- Veröffentlicht 22.08.2024 04:15:17
- Zuletzt bearbeitet 08.11.2024 16:15:17
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
CDC-NCM: avoid overflow in sanity checking
In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.10.103
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.26
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.12
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.114 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://git.kernel.org/stable/c/49909c9f8458cacb5b241106cba65aba5a6d8f4c
https://git.kernel.org/stable/c/69560efa001397ebb8dc1c3e6a3ce00302bb9f7f
https://git.kernel.org/stable/c/7b737e47b87589031f0d4657f6d7b0b770474925
https://git.kernel.org/stable/c/8d2b1a1ec9f559d30b724877da4ce592edc41fdc
https://git.kernel.org/stable/c/9957fbf34f52a4d8945d1bf39aae400ef9a11246
https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6