Lucene search

K
nvd[email protected]NVD:CVE-2022-39842
HistorySep 05, 2022 - 7:15 a.m.

CVE-2022-39842

2022-09-0507:15:08
CWE-190
web.nvd.nist.gov
10
linux kernel
pxa3xx-gcu.c
integer overflow
size check
heap overflow

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

19.0%

An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<5.19
OR
linuxlinux_kernelMatch5.19rc1
OR
linuxlinux_kernelMatch5.19rc2
OR
linuxlinux_kernelMatch5.19rc3
Node
debiandebian_linuxMatch10.0
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.19cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
linuxlinux_kernel5.19cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
linuxlinux_kernel5.19cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

19.0%