Lucene search
LinuxVULNRICHMENT:CVE-2022-48655HistoryApr 28, 2024 - 1:01 p.m.
CVE-2022-48655 firmware: arm_scmi: Harden accesses to the reset domains
2024-04-2813:01:00
Linux
github.com
11
linux kernel
vulnerability
firmware
access control
scmi drivers
out-of-bound violations
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
5.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Harden accesses to the reset domains
Accessing reset domains descriptors by the index upon the SCMI drivers
requests through the SCMI reset operations interface can potentially
lead to out-of-bound violations if the SCMI driver misbehave.
Add an internal consistency check before any such domains descriptors
accesses.
CNA Affected
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "7184491fc515",
"versionType": "git"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "f2277d9e2a0d",
"versionType": "git"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "1f08a1b26cfc",
"versionType": "git"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "8e65edf0d376",
"versionType": "git"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "e9076ffbcaed",
"versionType": "git"
}
],
"programFiles": [
"drivers/firmware/arm_scmi/reset.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"status": "unaffected",
"version": "0",
"lessThan": "5.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.4.277",
"versionType": "custom",
"lessThanOrEqual": "5.4.*"
},
{
"status": "unaffected",
"version": "5.10.218",
"versionType": "custom",
"lessThanOrEqual": "5.10.*"
},
{
"status": "unaffected",
"version": "5.15.71",
"versionType": "custom",
"lessThanOrEqual": "5.15.*"
},
{
"status": "unaffected",
"version": "5.19.12",
"versionType": "custom",
"lessThanOrEqual": "5.19.*"
},
{
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"drivers/firmware/arm_scmi/reset.c"
],
"defaultStatus": "affected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"vendor": "linux",
"product": "linux_kernel",
"versions": [
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "7184491fc515",
"versionType": "custom"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "f2277d9e2a0d",
"versionType": "custom"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "1f08a1b26cfc",
"versionType": "custom"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "8e65edf0d376",
"versionType": "custom"
},
{
"status": "affected",
"version": "95a15d80aa0d",
"lessThan": "e9076ffbcaed",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.4:*:*:*:*:*:*:*"
],
"vendor": "linux",
"product": "linux_kernel",
"versions": [
{
"status": "affected",
"version": "5.4"
}
],
"defaultStatus": "affected"
}
]References
git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de
git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf
git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e
git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268
git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108
lists.debian.org/debian-lts-announce/2024/06/msg00019.html
Related
debiancve
debiancve
CVE-2022-48655
2024-04-28 13:15:07
redhatcve
redhatcve
CVE-2022-48655
2024-04-29 16:20:49
nvd
nvd
CVE-2022-48655
2024-04-28 13:15:07
ubuntucve
ubuntucve
CVE-2022-48655
2024-04-28 00:00:00
osv
osv
CVE-2022-48655
2024-04-28 13:15:00
linux-aws, linux-aws-5.4 vulnerabilities
2024-07-30 12:04:43
cvelist
cvelist
CVE-2022-48655 firmware: arm_scmi: Harden accesses to the reset domains
2024-04-28 13:01:00
cve
cve
CVE-2022-48655
2024-04-28 13:15:07
openvas
openvas
Ubuntu: Security Advisory (USN-6924-2)
2024-07-31 00:00:00
Ubuntu: Security Advisory (USN-6924-1)
2024-07-30 00:00:00
Debian: Security Advisory (DSA-5703-1)
2024-07-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-30 00:00:00
Linux kernel vulnerabilities
2024-07-29 00:00:00
Linux kernel (Raspberry Pi) vulnerabilities
2024-08-22 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6924-2)
2024-07-30 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6924-1)
2024-07-29 00:00:00
Debian dsa-5703 : affs-modules-5.10.0-29-4kc-malta-di - security update
2024-06-02 00:00:00
redos
redos
ROS-20240814-04
2024-08-14 00:00:00
debian
debian
[SECURITY] [DSA 5703-1] linux security update
2024-06-02 17:04:56
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
5.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2022-48655