CVE-2022-48738

ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()

We don't currently validate that the values being set are within the range
we advertised to userspace as being valid, do so and reject any values
that are out of range.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-06-21 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (10)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d	2022-02-08
https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7	2022-02-08
https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf	2022-02-08
https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7	2022-02-08
https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a	2022-02-08
https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830	2022-02-08
https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d	2022-02-08
https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0	2022-01-25

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48738	2022-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=2293321	2022-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.300 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.265 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.265"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.178 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.178"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.99 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.99"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.22 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.16.8 Search vendor "Linux" for product "Linux Kernel" and version " < 5.16.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.17 Search vendor "Linux" for product "Linux Kernel" and version " < 5.17"		en		Affected