Out-of-bounds read in Linux kernel soc



Published: 2024-06-20
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-48737
CWE-ID: CWE-125
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU92902

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48737

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0
http://git.kernel.org/stable/c/4977491e4b3aad8567f57e2a9992d251410c1db3
http://git.kernel.org/stable/c/9a12fcbf3c622f9bf6b110a873d62b0cba93972e
http://git.kernel.org/stable/c/c33402b056de61104b6146dedbe138ca8d7ec62b
http://git.kernel.org/stable/c/038f8b7caa74d29e020949a43ca368c93f6b29b9
http://git.kernel.org/stable/c/e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13
http://git.kernel.org/stable/c/ef6cd9eeb38062a145802b7b56be7ae1090e165e
http://git.kernel.org/stable/c/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


