7.8

CVE-2022-50052

ASoC: Intel: avs: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: avs: Fix potential buffer overflow by snprintf()

snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in a buffer
overflow (although it's unrealistic).

This patch replaces it with a safer version, scnprintf() for papering
over such a potential issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 5.19.4
LinuxLinux Kernel Version6.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.07
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/840311a09f75632b9d41fbc1cd5c7aea94ce5f7e
Patch
https://git.kernel.org/stable/c/ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00
Patch