
CVE-2022-50131

In the Linux kernel, the following vulnerability has been resolved:

HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()

Smatch Warning:
drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy()
'&mcp->txbuf[5]' too small (59 vs 255)
drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf'
too small (34 vs 255)

The 'len' variable can take a value between 0-255 as it can come from
data->block[0] and it is user data. So add a bound check to prevent a
buffer overflow in memcpy().
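
The bound check the commit message describes, modelled in user space as an added example (not the kernel driver's code and not the actual patch). The sizes 59 and 34 and the offset 5 come from the Smatch warning above; the struct, the function names and the -1 return value are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TX_HDR_LEN   5    /* payload starts at txbuf[5], as in the warning */
#define TX_ROOM      59   /* bytes available from &txbuf[5], per Smatch */
#define SRC_BUF_SIZE 34   /* size of the source 'buf', per Smatch */

/* Hypothetical stand-in for the driver state; not the kernel's struct. */
struct model_dev {
    uint8_t txbuf[TX_HDR_LEN + TX_ROOM];
};

/*
 * Copy 'len' payload bytes from 'buf' into the transmit buffer.
 * 'len' is untrusted (0-255). Returns the frame length, or -1 when the
 * copy would read past 'buf' or write past 'txbuf'.
 */
int model_smbus_write(struct model_dev *dev, const uint8_t *buf,
                      size_t buf_size, uint8_t len)
{
    if (len > buf_size)                         /* would over-read the source */
        return -1;
    if (len > sizeof(dev->txbuf) - TX_HDR_LEN)  /* would overflow txbuf */
        return -1;

    memset(dev->txbuf, 0, TX_HDR_LEN);          /* header contents omitted */
    memcpy(&dev->txbuf[TX_HDR_LEN], buf, len);
    return TX_HDR_LEN + len;
}

/* Count how many of the 256 possible 'len' values the check accepts. */
int model_count_accepted(void)
{
    struct model_dev dev;
    uint8_t block[SRC_BUF_SIZE] = {0};          /* constructed sample input */
    int accepted = 0;

    for (int len = 0; len <= 255; len++)
        if (model_smbus_write(&dev, block, sizeof(block), (uint8_t)len) >= 0)
            accepted++;
    return accepted;
}
```

With the 34-byte source from the warning, the source size is the tighter of the two limits, so both the read side and the write side need to be checked.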

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version < 66c8e816f2f2ca4a61b406503bd10bad1b35f72f; Version 67a95c21463d066060b0f66d65a75d45bb386ffb; Status: affected
Version < 91443c669d280937968f0aa4edefa741cfe35314; Version 67a95c21463d066060b0f66d65a75d45bb386ffb; Status: affected
Version < 6402116a7b5ec80fa40fd145a80c813019cd555f; Version 67a95c21463d066060b0f66d65a75d45bb386ffb; Status: affected
Version < 3c0f8a59f2cc8841ee6653399a77f4f3e6e9a270; Version 67a95c21463d066060b0f66d65a75d45bb386ffb; Status: affected
Version < 62ac2473553a00229e67bdf3cb023b62cf7f5a9a; Version 67a95c21463d066060b0f66d65a75d45bb386ffb; Status: affected

Vendor: Linux
Product: Linux
Default status: affected
Version 5.7; Status: affected
Version < 5.7; Version 0; Status: unaffected
Version <= 5.10.*; Version 5.10.137; Status: unaffected
Version <= 5.15.*; Version 5.15.61; Status: unaffected
Version <= 5.18.*; Version 5.18.18; Status: unaffected
Version <= 5.19.*; Version 5.19.2; Status: unaffected
Version <= *; Version 6.0; Status: unaffected

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.057

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String