CVE-2022-2873Incorrect Calculation of Buffer Size in Kernel

CWE-131Incorrect Calculation of Buffer Size18 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxFedoraproject Fedora+2 more
Timeline
PublishedAug 22
Latest updateFeb 14

Description

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 5.19+1
Debianlinux/linux_kernel< 5.10.162-1+3
Ubuntulinux/linux_kernel< 5.15.0-47.51
CVEListV5linux/linux_kernelLinux kernel 5.19-rc8
Palo Altopaloalto/pan-os

Also affects: Debian Linux 11.0, Enterprise Linux 6.0, 7.0, 8.0, 9.0, Fedora 36

🔴Vulnerability Details

8
OSV
linux-hwe-5.15, linux-lowlatency-hwe-5.15 vulnerabilities2022-09-21
OSV
linux-intel-iotg vulnerabilities2022-09-16
OSV
linux-raspi vulnerabilities2022-09-08
OSV
linux-oracle vulnerabilities2022-09-05
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency vulnerabilities2022-09-02

📋Vendor Advisories

9
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel (HWE) vulnerabilities2022-09-21
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2022-09-16
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2022-09-08
Ubuntu
Linux kernel (Oracle) vulnerabilities2022-09-05
CVE-2022-2873 — Incorrect Calculation of Buffer Size | cvebase