CVE-2022-49186

EPSS 0.05%
Veröffentlicht 26.02.2025 07:00:55
Zuletzt bearbeitet 01.10.2025 20:15:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

clk: visconti: prevent array overflow in visconti_clk_register_gates()

In the Linux kernel, the following vulnerability has been resolved:

clk: visconti: prevent array overflow in visconti_clk_register_gates()

This code was using -1 to represent that there was no reset function.
Unfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0)
condition was always true.  This lead to an out of bounds access in
visconti_clk_register_gates().

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.149

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/2723543c1d60278d5aef1c4ad732dbad24b84a81

Patch

https://git.kernel.org/stable/c/c5601e0720ce1a3ad895f94a5838530edde01ed3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49186

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49186

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49186

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-49186