7.8

CVE-2022-49950

misc: fastrpc: fix memory corruption on open

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix memory corruption on open

The probe session-duplication overflow check incremented the session
count also when there were no more available sessions so that memory
beyond the fixed-size slab-allocated session array could be corrupted in
fastrpc_session_alloc() on open().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 5.4.213
LinuxLinux Kernel Version >= 5.5 < 5.10.142
LinuxLinux Kernel Version >= 5.11 < 5.15.66
LinuxLinux Kernel Version >= 5.16 < 5.19.8
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.107
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/f8632b8bb53ebc005d8f24a68a0c1f9678c0e908
Patch
https://git.kernel.org/stable/c/5cf2a57c7a01a0d7bdecf875a63682f542891b1b
Patch
https://git.kernel.org/stable/c/cf20c3533efc89578ace94fa20a9e63446223c72
Patch
https://git.kernel.org/stable/c/e0578e603065f120a8759b75e0d6c216c7078a39
Patch
https://git.kernel.org/stable/c/d245f43aab2b61195d8ebb64cef7b5a08c590ab4
Patch