7.8

CVE-2022-49952

misc: fastrpc: fix memory corruption on probe

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix memory corruption on probe

Add the missing sanity check on the probed-session count to avoid
corrupting memory beyond the fixed-size slab-allocated session array
when there are more than FASTRPC_MAX_SESSIONS sessions defined in the
devicetree.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 5.4.213
LinuxLinux Kernel Version >= 5.5 < 5.10.142
LinuxLinux Kernel Version >= 5.11 < 5.15.66
LinuxLinux Kernel Version >= 5.16 < 5.19.8
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.107
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/ec186b9f4aa2e6444d5308a6cc268aada7007639
Patch
https://git.kernel.org/stable/c/c99bc901d5eb9fbdd7bd39f625e170ce97390336
Patch
https://git.kernel.org/stable/c/0e33b0f322fecd7a92d9dc186535cdf97940a856
Patch
https://git.kernel.org/stable/c/c0425c2facd9166fa083f90c9f3187ace0c7837a
Patch
https://git.kernel.org/stable/c/9baa1415d9abdd1e08362ea2dcfadfacee8690b5
Patch