In the Linux kernel, the following vulnerability has been resolved:
speakup: Fix sizeof() vs ARRAY_SIZE() bug
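The “buf” pointer is an array of u16 values. This code should be
using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),
otherwise it can still go out of bounds. sizeof() counts bytes while
ARRAY_SIZE() counts elements, so a bound taken from sizeof() is twice
the number of u16 slots in the array.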
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"versions": [
{
"version": "756c5cb7c09e",
"lessThan": "42f0a3f67158",
"status": "affected",
"versionType": "git"
},
{
"version": "8f6b62125bef",
"lessThan": "cd7f3978c2ec",
"status": "affected",
"versionType": "git"
},
{
"version": "6401038acfa2",
"lessThan": "07ef95cc7a57",
"status": "affected",
"versionType": "git"
},
{
"version": "0d130158db29",
"lessThan": "504178fb7d9f",
"status": "affected",
"versionType": "git"
},
{
"version": "89af25bd4b4b",
"lessThan": "3726f75a1ccc",
"status": "affected",
"versionType": "git"
},
{
"version": "8defb1d22ba0",
"lessThan": "c6e1650cf5df",
"status": "affected",
"versionType": "git"
},
{
"version": "0efb15c14c49",
"lessThan": "eb1ea64328d4",
"status": "affected",
"versionType": "git"
},
{
"version": "c8d2f34ea96e",
"lessThan": "d52c04474fea",
"status": "affected",
"versionType": "git"
},
{
"version": "c8d2f34ea96e",
"lessThan": "008ab3c53bc4",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/accessibility/speakup/main.c"
],
"versions": [
{
"version": "6.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.316",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.278",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.219",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.161",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.93",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.33",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.12",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.3",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b
git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586
git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e
git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358
git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535
git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb
git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996
git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef
git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef