7.1

CVE-2022-49946

clk: bcm: rpi: Prevent out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved:

clk: bcm: rpi: Prevent out-of-bounds access

The while loop in raspberrypi_discover_clocks() relies on the assumption
that the id of the last clock element is zero. Because this data comes
from the Videocore firmware and it doesn't guarantuee such a behavior
this could lead to out-of-bounds access. So fix this by providing
a sentinel element.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.9 < 5.10.142
LinuxLinux Kernel Version >= 5.11 < 5.15.66
LinuxLinux Kernel Version >= 5.16 < 5.19.8
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.094
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34
Patch
https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2
Patch
https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4
Patch
https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d
Patch