7.8

CVE-2022-50368

drm/msm/dsi: fix memory corruption with too many bridges

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dsi: fix memory corruption with too many bridges

Add the missing sanity check on the bridge counter to avoid corrupting
data beyond the fixed-sized bridge array in case there are ever more
than eight bridges.

Patchwork: https://patchwork.freedesktop.org/patch/502668/
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.1 < 4.19.264
LinuxLinux Kernel Version >= 4.20 < 5.4.223
LinuxLinux Kernel Version >= 5.5 < 5.10.153
LinuxLinux Kernel Version >= 5.11 < 5.15.77
LinuxLinux Kernel Version >= 5.16 < 6.0.7
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.099
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/4e5587cddb334f7a5bb1c49ea8bbfc966fafe1b8
Patch
https://git.kernel.org/stable/c/f649ed0e1b7a1545f8e27267d3c468b3cb222ece
Patch
https://git.kernel.org/stable/c/21c4679af01f1027cb559330c2e7d410089b2b36
Patch
https://git.kernel.org/stable/c/9f035d1fb30648fe70ee01627eb131c56d699b35
Patch
https://git.kernel.org/stable/c/e83b354890a3c1d5256162f87a6cc38c47ae7f20
Patch
https://git.kernel.org/stable/c/2e786eb2f9cebb07e317226b60054df510b60c65
Patch