CVE-2022-49478

media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

MITRE, TN

CWE (0)

CAPEC (-)

Risk

CVSS Score

7.8 High

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (9)

>= 2.6.18 < 4.9.318, >= 2.6.18 < 4.14.283, >= 2.6.18 < 4.19.247, >= 2.6.18 < 5.4.198, >= 2.6.18 < 5.10.121, >= 2.6.18 < 5.15.46, >= 2.6.18 < 5.17.14, >= 2.6.18 < 5.18.3, >= 2.6.18 < 5.19

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (10)

General (1)

kernel

Exploits & POcs (-)

Patches (9)

kernel

Advisories (-)

Summary

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in
missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails
this value remains unchanged. Since code blindly uses this member for
array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in
__flush_work.

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in __flush_work.

*Credits: N/A

CVSS Scores

Tenablev3 7.8
Tenablev2 9.0

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/d855497edbfbf9e19a17f4a1154bca69cb4bd9ba	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67	2022-06-14
https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e	2022-06-14
https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7	2022-06-14
https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827	2022-06-14
https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9	2022-06-09
https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a	2022-06-09
https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511	2022-06-09
https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e	2022-06-09
https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059	2022-05-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 4.9.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 4.9.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 4.14.283 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 4.14.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 4.19.247 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 4.19.247"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.4.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.4.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.10.121 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.10.121"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.15.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.15.46"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.17.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.17.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.18.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.18.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.18 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.18 < 5.19"		en		Affected

CVE-2022-49478

media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (10)

Affected Vendors, Products, and Versions