CVE-2022-48696

regmap: spi: Reserve space for register address/padding

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

regmap: spi: Reserve space for register address/padding

Currently the max_raw_read and max_raw_write limits in regmap_spi struct
do not take into account the additional size of the transmitted register
address and padding. This may result in exceeding the maximum permitted
SPI message size, which could cause undefined behaviour, e.g. data
corruption.

Fix regmap_get_spi_bus() to properly adjust the above mentioned limits
by reserving space for the register address/padding as set in the regmap
configuration.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regmap: spi: reserva de espacio para dirección/relleno de registro Actualmente, los límites max_raw_read y max_raw_write en la estructura regmap_spi no tienen en cuenta el tamaño adicional de la dirección de registro transmitida y el relleno. Esto puede dar como resultado que se exceda el tamaño de mensaje SPI máximo permitido, lo que podría causar un comportamiento indefinido, por ejemplo, corrupción de datos. Corrija regmap_get_spi_bus() para ajustar adecuadamente los límites mencionados anteriormente reservando espacio para la dirección/relleno del registro como se establece en la configuración de regmap.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-03 CVE Reserved
2024-05-03 CVE Published
2024-05-04 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/f231ff38b7b23197013b437128d196710fe282da	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e	2022-09-15
https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439	2022-08-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 5.19.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 5.19.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.0"		en		Affected