cve-2022-48917
Vulnerability from cvelistv5
Published
2024-08-22 01:32
Modified
2024-12-19 08:10
Severity ?
EPSS score ?
Summary
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:41.292855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:01.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69f42e41256d5a234d3ae0d35fa66dc6d8171846",
"status": "affected",
"version": "40f598698129b5ceaf31012f9501b775c7b6e57d",
"versionType": "git"
},
{
"lessThan": "7e0e4bc93811cf600508ff36f07abea7b40643ed",
"status": "affected",
"version": "586ef863c94354a7e00e5ae5ef01443d1dc99bc7",
"versionType": "git"
},
{
"lessThan": "0b2ecc9163472128e7f30b517bee92dcd27ffc34",
"status": "affected",
"version": "65a61b1f56f5386486757930069fbdce94af08bf",
"versionType": "git"
},
{
"lessThan": "f3537f1b2bfd3b1df15723df49fc26eccd5112fe",
"status": "affected",
"version": "68fd718724284788fc5f379e0b7cac541429ece7",
"versionType": "git"
},
{
"lessThan": "6951a5888165a38bb7c39a2d18f5668b2f1241c7",
"status": "affected",
"version": "a9394f21fba027147bf275b083c77955864c366a",
"versionType": "git"
},
{
"lessThan": "050b1821f27c5d4fd5a298f6e62c3d3c9335e622",
"status": "affected",
"version": "9e8895f1b3d4433f6d78aa6578e9db61ca6e6830",
"versionType": "git"
},
{
"lessThan": "70712d5afbbea898d5f51fa02e315fe0a4835043",
"status": "affected",
"version": "bb72d2dda85564c66d909108ea6903937a41679d",
"versionType": "git"
},
{
"lessThan": "9bdd10d57a8807dba0003af0325191f3cec0f11c",
"status": "affected",
"version": "817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.9.305",
"status": "affected",
"version": "4.9.300",
"versionType": "semver"
},
{
"lessThan": "4.14.270",
"status": "affected",
"version": "4.14.265",
"versionType": "semver"
},
{
"lessThan": "4.19.233",
"status": "affected",
"version": "4.19.228",
"versionType": "semver"
},
{
"lessThan": "5.4.183",
"status": "affected",
"version": "5.4.178",
"versionType": "semver"
},
{
"lessThan": "5.10.104",
"status": "affected",
"version": "5.10.99",
"versionType": "semver"
},
{
"lessThan": "5.15.27",
"status": "affected",
"version": "5.15.22",
"versionType": "semver"
},
{
"lessThan": "5.16.13",
"status": "affected",
"version": "5.16.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min\n\nWhile the $val/$val2 values passed in from userspace are always \u003e= 0\nintegers, the limits of the control can be signed integers and the $min\ncan be non-zero and less than zero. To correctly validate $val/$val2\nagainst platform_max, add the $min offset to val first."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T08:10:28.374Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846"
},
{
"url": "https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed"
},
{
"url": "https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34"
},
{
"url": "https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe"
},
{
"url": "https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7"
},
{
"url": "https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622"
},
{
"url": "https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043"
},
{
"url": "https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c"
}
],
"title": "ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48917",
"datePublished": "2024-08-22T01:32:20.608Z",
"dateReserved": "2024-08-21T06:06:23.295Z",
"dateUpdated": "2024-12-19T08:10:28.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48917\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-22T02:15:05.853\",\"lastModified\":\"2024-09-12T13:07:29.723\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min\\n\\nWhile the $val/$val2 values passed in from userspace are always \u003e= 0\\nintegers, the limits of the control can be signed integers and the $min\\ncan be non-zero and less than zero. To correctly validate $val/$val2\\nagainst platform_max, add the $min offset to val first.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Shift valores probados en snd_soc_put_volsw() por +min Mientras que los valores $val/$val2 pasados desde el espacio de usuario son siempre \u0026gt;= 0 enteros, los l\u00edmites del control pueden ser n\u00fameros enteros con signo y $min puede ser distinto de cero y menor que cero. Para validar correctamente $val/$val2 contra platform_max, primero agregue el desplazamiento $min a val.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9.300\",\"versionEndExcluding\":\"4.9.305\",\"matchCriteriaId\":\"7078F5FD-8C44-4848-8434-373F11E2437F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.265\",\"versionEndExcluding\":\"4.14.270\",\"matchCriteriaId\":\"EE350A5A-C35A-4391-8BF5-BD86BA58F692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.228\",\"versionEndExcluding\":\"4.19.233\",\"matchCriteriaId\":\"CAD48EEC-226F-4CEE-B62A-4C2E080C07DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.178\",\"versionEndExcluding\":\"5.4.183\",\"matchCriteriaId\":\"BFA7B940-F1DA-4FFA-B8CF-2207C6B13588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.99\",\"versionEndExcluding\":\"5.10.104\",\"matchCriteriaId\":\"EB68B618-D9A9-4D08-825F-95066EBB07B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.22\",\"versionEndExcluding\":\"5.15.27\",\"matchCriteriaId\":\"9274DE9A-1466-4660-ABE0-FCE84DFE75E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.8\",\"versionEndExcluding\":\"5.16.13\",\"matchCriteriaId\":\"EDE53E28-A078-4F10-B3B9-EE8482DCFEC7\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.