#VU92902 Out-of-bounds read in Linux kernel - CVE-2022-48737


Vulnerability identifier: #VU92902

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48737

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can trigger the error and cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0
https://git.kernel.org/stable/c/4977491e4b3aad8567f57e2a9992d251410c1db3
https://git.kernel.org/stable/c/9a12fcbf3c622f9bf6b110a873d62b0cba93972e
https://git.kernel.org/stable/c/c33402b056de61104b6146dedbe138ca8d7ec62b
https://git.kernel.org/stable/c/038f8b7caa74d29e020949a43ca368c93f6b29b9
https://git.kernel.org/stable/c/e8e07c5e25a29e2a6f119fd947f55d7a55eb8a13
https://git.kernel.org/stable/c/ef6cd9eeb38062a145802b7b56be7ae1090e165e
https://git.kernel.org/stable/c/4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

