CVE-2022-48917

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min While the $val/$val2 values passed in from userspace are always >= 0 integers, the limits of the control can be signed integers and the $min can be non-zero and less than zero. To correctly validate $val/$val2 against platform_max, add the $min offset to val first.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622	Patch
https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34	Patch
https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7	Patch
https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846	Patch
https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043	Patch
https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed	Patch
https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c	Patch
https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-08-22 02:15

Updated : 2024-09-12 13:07

NVD link : CVE-2022-48917

Mitre link : CVE-2022-48917

CVE.ORG link : CVE-2022-48917

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-48917", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-22T02:15:05.853", "references": [{"url": "https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min\n\nWhile the $val/$val2 values passed in from userspace are always >= 0\nintegers, the limits of the control can be signed integers and the $min\ncan be non-zero and less than zero. To correctly validate $val/$val2\nagainst platform_max, add the $min offset to val first."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Shift valores probados en snd_soc_put_volsw() por +min Mientras que los valores $val/$val2 pasados desde el espacio de usuario son siempre >= 0 enteros, los l\u00edmites del control pueden ser n\u00fameros enteros con signo y $min puede ser distinto de cero y menor que cero. Para validar correctamente $val/$val2 contra platform_max, primero agregue el desplazamiento $min a val."}], "lastModified": "2024-09-12T13:07:29.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7078F5FD-8C44-4848-8434-373F11E2437F", "versionEndExcluding": "4.9.305", "versionStartIncluding": "4.9.300"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE350A5A-C35A-4391-8BF5-BD86BA58F692", "versionEndExcluding": "4.14.270", "versionStartIncluding": "4.14.265"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD48EEC-226F-4CEE-B62A-4C2E080C07DD", "versionEndExcluding": "4.19.233", "versionStartIncluding": "4.19.228"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFA7B940-F1DA-4FFA-B8CF-2207C6B13588", "versionEndExcluding": "5.4.183", "versionStartIncluding": "5.4.178"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB68B618-D9A9-4D08-825F-95066EBB07B8", "versionEndExcluding": "5.10.104", "versionStartIncluding": "5.10.99"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9274DE9A-1466-4660-ABE0-FCE84DFE75E3", "versionEndExcluding": "5.15.27", "versionStartIncluding": "5.15.22"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDE53E28-A078-4F10-B3B9-EE8482DCFEC7", "versionEndExcluding": "5.16.13", "versionStartIncluding": "5.16.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}