7.8

CVE-2022-50050

ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in the buffer
overflow (although it's unrealistic).

This patch replaces with a safer version, scnprintf() for papering
over such a potential issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
LinuxLinux Kernel Version6.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.08
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/6ee1310f4d148dbf04c4159b88afd0b941018903
Patch
https://git.kernel.org/stable/c/f7915c5614a7ece117ec390f21a410531eac48de
Patch
https://git.kernel.org/stable/c/94c1ceb043c1a002de9649bb630c8e8347645982
Patch