Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-48632

Опубликовано: 28 апр. 2024
Источник: redhat
CVSS3: 4.7

Описание

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

A flaw was found in the Linux kernel. The following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction().

Отчет

Actual only for ARM platforms. For the Red Hat Enterprise Linux and Fedora the related code disabled, so not affected (apart from the latest version of the Red Hat Enterprise Linux 9 and latest version of the Red Hat Enterprise Linux 10). The bug could happen only if Mellanox BlueField I2C controller being used.

Меры по смягчению последствий

To mitigate this issue, prevent module i2c-mlxbf from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 9kernel-rtAffected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2024:510208.08.2024
Red Hat Enterprise Linux 8kernelFixedRHSA-2024:510108.08.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2024:239430.04.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2024:239430.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2277840kernel: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-48632

ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

nvd логотип

CVE-2022-48632

nvd
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

debian логотип

CVE-2022-48632

debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: i ...

github логотип

GHSA-54qq-rr2g-7v9v

github
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

fstec логотип

BDU:2024-10026

CVSS3: 5.5
fstec
почти 3 года назад

Уязвимость компонента i2c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

4.7 Medium

CVSS3