7.8

CVE-2022-50051

ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in the buffer
overflow (although it's unrealistic).

This patch replaces with a safer version, scnprintf() for papering
over such a potential issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.11 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
LinuxLinux Kernel Version6.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.08
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/b318b9dd2ac67f39d0338ce563879d1f59a0347a
Patch
https://git.kernel.org/stable/c/a67971a17604ae7de278fb09243432459afc51e1
Patch
https://git.kernel.org/stable/c/1eb123ce985e6cf302ac6e3f19862d132d86fa8f
Patch