11030 matches found
CVE-2022-49249 ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 bytes...
CVE-2022-49249
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 bytes...
CVE-2022-49249
Summary (CVE-2022-49249) In the Linux kernel, the ASoC codecs WC938X path was fixed to prevent array out-of-bounds when an enum is treated as an int. The root cause was using integers to index an enum, which could access memory beyond the array on platforms like aarch64 (where long is 8 bytes whi...
CVE-2022-49234 net: dsa: Avoid cross-chip syncing of VLAN filtering
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid cross-chip syncing of VLAN filtering Changes to VLAN filtering are not applicable to cross-chip notifications. On a system like this: .-----. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-' '-1-2-' '-1-2-'...
CVE-2022-49234
CVE-2022-49234 is a Linux kernel vulnerability in the VLAN filtering path for DSA cross-chip setups. The issue: when a switch (sw1) p4 leaves a bridge, dsa_port_vlan_filtering would also be invoked for sw2p1 and sw3p1, potentially referencing a non-existent port and causing array out-of-bounds ac...
CVE-2022-49234
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid cross-chip syncing of VLAN filtering Changes to VLAN filtering are not applicable to cross-chip notifications. On a system like this: .-----. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-' '-1-2-' '-1-2-'...
CVE-2022-49218
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The linkstatus array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a...
CVE-2022-49218 drm/dp: Fix OOB read when handling Post Cursor2 register
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The linkstatus array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a...
CVE-2022-49218 drm/dp: Fix OOB read when handling Post Cursor2 register
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The linkstatus array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a...
CVE-2022-49218 drm/dp: Fix OOB read when handling Post Cursor2 register
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The linkstatus array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a...
CVE-2022-49186
CVE-2022-49186 describes a Linux kernel vulnerability in the Visconti clock driver where a -1 sentinel used to indicate no reset function is stored in an unsigned 8-bit field. This caused the check if (clks[i].rs_id >= 0) to always be true, leading to an out-of-bounds access in visconti_clk_re...
CVE-2022-49186
In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconticlkregistergates This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if clksi.rsid = 0 condition was always true. Th...
CVE-2022-49186 clk: visconti: prevent array overflow in visconti_clk_register_gates()
In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconticlkregistergates This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if clksi.rsid = 0 condition was always true. Th...
CVE-2022-49186 clk: visconti: prevent array overflow in visconti_clk_register_gates()
In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconticlkregistergates This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if clksi.rsid = 0 condition was always true. Th...
CVE-2022-49170 f2fs: fix to do sanity check on curseg->alloc_type
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operat...
CVE-2022-49170 f2fs: fix to do sanity check on curseg->alloc_type
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operat...
CVE-2022-49170
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operat...
CVE-2022-49170
CVE-2022-49170 concerns the F2FS implementation in the Linux kernel. The root cause was a missing sanity check on curseg->alloc_type, which could widen an array-bounds access of sbi->block_count[] (UBSAN: array-index-out-of-bounds) when mounting/operating a corrupted image. The issue manife...
CVE-2022-49163
CVE-2022-49163 is a Linux kernel issue affecting the media/imx-jpeg driver. When parsing JPEGs, if an error occurs before a slot is acquired, a default MXC_MAX_SLOTS may be used and the driver can access the slot with an incorrect slot number, causing an out-of-bounds access. This leads to a chan...
CVE-2022-49163 media: imx-jpeg: fix a bug of accessing array out of bounds
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds When error occurs in parsing jpeg, the slot isn't acquired yet, it may be the default value MXCMAXSLOTS. If the driver access the slot using the incorrect slot number, i...