CVE-2022-48717

ASoC: max9759: fix underflow in speaker_gain_control_put()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: max9759: fix underflow in speaker_gain_control_put()

Check for negative values of "priv->gain" to prevent an out of bounds
access. The concern is that these might come from the user via:
-> snd_ctl_elem_write_user()
-> snd_ctl_elem_write()
-> kctl->put()

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: max9759: corrige el desbordamiento en altavoz_gain_control_put() Compruebe si hay valores negativos de "priv->gain" para evitar un acceso fuera de los límites. La preocupación es que estos puedan provenir del usuario a través de: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-06-21 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/fa8d915172b8c10ec0734c4021e99e9705023b07	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e	2022-02-08
https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc	2022-02-08
https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921	2022-02-08
https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c	2022-02-08
https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6	2022-02-08
https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964	2022-01-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 4.19.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.4.178 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.4.178"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.10.99 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.10.99"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.15.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.15.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.16.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.16.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.17"		en		Affected