Lucene search

K

GoogleOSV:CVE-2022-48672

HistoryMay 03, 2024 - 3:15 p.m.

CVE-2022-48672

2024-05-0315:15:00

Google

osv.dev

5

linux kernel

vulnerability

fix

unflattening

buffer overflow

svace static analysis

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e (“drivers/of: Fix depth when unflattening devicetree”) forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer… Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

References

git.kernel.org/linus/2f945a792f67815abca26fa8a5e863ccf3fa1181

git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e

git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0

git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf3fa1181

git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7

git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853

git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf

git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c

ubuntu.com/security/CVE-2022-48672

www.cve.org/CVERecord?id=CVE-2022-48672

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

Related for OSV:CVE-2022-48672

vulnrichment1 debiancve1 cve1 ubuntucve1 nvd1 cvelist1 redhatcve1 redos1 amazon1 nessus11 openvas6 osv4