7.1
CVE-2022-50394
- EPSS 0.15%
- Veröffentlicht 18.09.2025 13:33:12
- Zuletzt bearbeitet 14.01.2026 19:16:14
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
In the Linux kernel, the following vulnerability has been resolved: i2c: ismt: Fix an out-of-bounds bug in ismt_access() When the driver does not check the data from the user, the variable 'data->block[0]' may be very large to cause an out-of-bounds bug. The following log can reveal it: [ 33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20 [ 33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA: WRITE [ 33.996475] ================================================================== [ 33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b [ 33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485 [ 33.999450] Call Trace: [ 34.001849] memcpy+0x20/0x60 [ 34.002077] ismt_access.cold+0x374/0x214b [ 34.003382] __i2c_smbus_xfer+0x44f/0xfb0 [ 34.004007] i2c_smbus_xfer+0x10a/0x390 [ 34.004291] i2cdev_ioctl_smbus+0x2c8/0x710 [ 34.005196] i2cdev_ioctl+0x5ec/0x74c Fix this bug by checking the size of 'data->block[0]' first.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.9 < 4.9.337
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.303
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.270
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.229
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.163
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.86
Linux ≫ Linux Kernel Version >= 5.16 < 6.0.16
Linux ≫ Linux Kernel Version >= 6.1 < 6.1.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.047 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/4a7bb1d93addb2f67e36fed00a53cb7f270d7b7a
https://git.kernel.org/stable/c/03b7ef7a6c5ca1ff553470166b4919db88b810f6
https://git.kernel.org/stable/c/bfe41d966c860a8ad4c735639d616da270c92735
https://git.kernel.org/stable/c/cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
https://git.kernel.org/stable/c/9ac541a0898e8ec187a3fa7024b9701cffae6bf2
https://git.kernel.org/stable/c/96c12fd0ec74641295e1c3c34dea3dce1b6c3422
https://git.kernel.org/stable/c/a642469d464b2780a25a49b51ae56623c65eac34
https://git.kernel.org/stable/c/233348a04becf133283f0076e20b317302de21d9
https://git.kernel.org/stable/c/39244cc754829bf707dccd12e2ce37510f5b1f8d