CVE-2022-49035

media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in
case it hasn't, check for this corner case.

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bug fixes.

*Credits: N/A

CVSS Scores

CISAv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2025-01-02 CVE Published
2025-10-29 CVE Updated
2025-11-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a	2022-11-10
https://git.kernel.org/stable/c/fc0f76dd5f116fa9291327024dda392f8b4e849c	2022-11-10
https://git.kernel.org/stable/c/a2728bf9b6c65e46468c763e3dab7e04839d4e11	2022-11-10
https://git.kernel.org/stable/c/4a449430ecfb199b99ba58af63c467eb53500b39	2022-11-10
https://git.kernel.org/stable/c/1609231f86760c1f6a429de7913dd795b9faa08c	2022-11-10
https://git.kernel.org/stable/c/cbfa26936f318b16ccf9ca31b8e8b30c0dc087bd	2022-11-10
https://git.kernel.org/stable/c/2654e785bd4aa2439cdffbe7dc1ea30a0eddbfe4	2022-11-10
https://git.kernel.org/stable/c/93f65ce036863893c164ca410938e0968964b26c	2022-09-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.9.333 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.9.333"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.14.299 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.14.299"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.19.265 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.19.265"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.154"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.0.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.0.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.1"		en		Affected