CVE-2022-48655

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Harden accesses to the reset domains

Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave.

Add an internal consistency check before any such domains descriptors accesses.

Published: Apr 28, 2024
Updated: May 1, 2024
CVE: CVE-2022-48655
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.16.x	5.19.12
linux / linux_kernel	6.0-rc3	6.0-rc3.x
linux / linux_kernel	6.0-rc1	6.0-rc1.x
linux / linux_kernel	6.0-rc2	6.0-rc2.x
linux / linux_kernel	6.0-rc4	6.0-rc4.x
linux / linux_kernel	6.0-rc5	6.0-rc5.x
linux / linux_kernel	6.0-rc6	6.0-rc6.x
linux / linux_kernel	5.11	5.15.71
linux / linux_kernel	5.5	5.10.218
linux / linux_kernel	5.4	5.4.277
debian / debian_linux	10.0	10.0.x

Vulnerability Database

289,697

CVE-2022-48655