CVE-2022-48717

ASoC: max9759: fix underflow in speaker_gain_control_put()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds
access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: max9759: corrige el desbordamiento en altavoz_gain_control_put() Compruebe si hay valores negativos de "priv->gain" para evitar un acceso fuera de los límites. La preocupación es que estos puedan provenir del usuario a través de: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/fa8d915172b8c10ec0734c4021e99e9705023b07	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e	2022-02-08
https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc	2022-02-08
https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921	2022-02-08
https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c	2022-02-08
https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6	2022-02-08
https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964	2022-01-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 4.19.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.4.178 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.4.178"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.10.99 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.10.99"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.15.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.15.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.16.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.16.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.17"		en		Affected