7.8

CVE-2022-50040

net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()

If an error occurs in dsa_devlink_region_create(), then 'priv->regions'
array will be accessed by negative index '-1'.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.138
LinuxLinux Kernel Version >= 5.11 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
LinuxLinux Kernel Version6.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.138
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/7983e1e44cb322eba6af84160b6d18df80603fb8
Patch
https://git.kernel.org/stable/c/e84c6321f3578c38cb3c24258db91a92672b17a8
Patch
https://git.kernel.org/stable/c/79f86b862416126a2e826cb74224180d6625a32f
Patch
https://git.kernel.org/stable/c/fd8e899cdb5ecaf8e8ee73854a99e10807eef1de
Patch