CVE-2022-48672

of: fdt: fix off-by-one error in unflatten_dt_nodes()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

of: fdt: fix off-by-one error in unflatten_dt_nodes()

Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")
forgot to fix up the depth check in the loop body in unflatten_dt_nodes()
which makes it possible to overflow the nps[] buffer...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: de: fdt: corrige el error uno por uno en unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: corrige la profundidad al desacoplar el árbol de dispositivos") olvidó arreglar la comprobación de profundidad el cuerpo del bucle en unflatten_dt_nodes() que permite desbordar el búfer nps[]... Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-03 CVE Published
2024-05-24 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-193: Off-by-one Error

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/78c44d910d3e5f96dc6b3695fc1e4efd7c46a455	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853	2022-09-28
https://git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0	2022-09-28
https://git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf	2022-09-28
https://git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c	2022-09-23
https://git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7	2022-09-23
https://git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e	2022-09-23
https://git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf3fa1181	2022-08-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 4.14.295 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 4.14.295"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 4.19.260 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 4.19.260"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.4.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.4.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.10.145 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.10.145"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.15.70 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.15.70"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 5.19.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 5.19.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.7 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 6.0"		en		Affected