ГлавнаяУязвимости → CVE-2022-48632
7.8высокая

CVE-2022-48632

→ есть в БДУ: BDU:2024-10026 (на русском)
Описание (на английском; русское — в БДУ выше)

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

Затрагиваемое ПО
Linux Linux kernel
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://git.kernel.org/stable/c/3b5ab5fbe69ebbee5692c72b05071a43fc0655d8https://git.kernel.org/stable/c/48ee0a864d1af02eea98fc825cc230d61517a71ehttps://git.kernel.org/stable/c/dc2a0c587006f29b724069740c48654b9dcaebd2https://git.kernel.org/stable/c/de24aceb07d426b6f1c59f33889d6a964770547bhttps://git.kernel.org/stable/c/3b5ab5fbe69ebbee5692c72b05071a43fc0655d8https://git.kernel.org/stable/c/48ee0a864d1af02eea98fc825cc230d61517a71ehttps://git.kernel.org/stable/c/dc2a0c587006f29b724069740c48654b9dcaebd2https://git.kernel.org/stable/c/de24aceb07d426b6f1c59f33889d6a964770547b