CVE-2022-47520 — Out-of-bounds Read in Kernel

CWE-125 — Out-of-bounds Read37 documents8 sources

Severity

7.1HIGHNVD

OSV7.8OSV6.4OSV5.5

EPSS

0.0%

top 92.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +2 more

Timeline

PublishedDec 18

Latest updateJun 15

Description

An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages6 packages

▶NVDlinux/linux_kernel4.2.0 — 5.10.157+2

▶Debianlinux/linux_kernel< 5.10.158-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-144.161+1

▶debiandebian/linux< linux 6.0.12-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.86.1-1_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux-bluefield vulnerabilities↗2023-04-05

▶

OSV

linux-intel-iotg vulnerabilities↗2023-03-16

▶

OSV

linux-ibm, linux-ibm-5.4 vulnerabilities↗2023-03-14

▶

OSV

linux-kvm vulnerabilities↗2023-03-09

▶

OSV

linux-raspi-5.4 vulnerabilities↗2023-03-09

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 TM MFP Linux Kernel↗2023-06-15

▶

Ubuntu

Linux kernel (BlueField) vulnerabilities↗2023-04-05

▶

Ubuntu

Linux kernel (Intel IoTG) vulnerabilities↗2023-03-16

▶

Ubuntu

Linux kernel (KVM) vulnerabilities↗2023-03-14

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2023-03-14

▶