SB20241022314 - Input validation error in Linux kernel iio health driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022314
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-49031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the afe4403_read_raw() function in drivers/iio/health/afe4403.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0
- https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9
- https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df
- https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f
- https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c
- https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867
- https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb
- https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.301
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.335
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.158
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.226
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1