CVE-2022-48655Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read14 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 28
Latest updateAug 22

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel5.45.4.277+4
Debianlinux/linux_kernel< 5.10.218-1+3
Ubuntulinux/linux_kernel< 5.4.0-190.210
CVEListV5linux/linux95a15d80aa0de938299acfcbc6aa6f2b16f5d7e57184491fc515f391afba23d0e9b690caaea72daf+5
debiandebian/linux< linux 6.0.2-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

6
OSV
linux-raspi-5.4 vulnerabilities2024-08-22
OSV
linux-oracle, linux-oracle-5.4 vulnerabilities2024-08-09
OSV
linux-aws, linux-aws-5.4 vulnerabilities2024-07-30
OSV
linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabili2024-07-29
OSV
CVE-2022-48655: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains d2024-04-28

📋Vendor Advisories

6
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2024-08-22
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-08-09
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-29
Red Hat
kernel: firmware: arm_scmi: Harden accesses to the reset domains2024-04-28

💬Community

1
Bugzilla
CVE-2022-48655 kernel: firmware: arm_scmi: Harden accesses to the reset domains2024-04-29