cve-2022-48696
Vulnerability from cvelistv5
Published
2024-05-03 15:09
Modified
2024-12-19 08:05
Summary
In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the max_raw_read and max_raw_write limits in regmap_spi struct do not take into account the additional size of the transmitted register address and padding. This may result in exceeding the maximum permitted SPI message size, which could cause undefined behaviour, e.g. data corruption. Fix regmap_get_spi_bus() to properly adjust the above mentioned limits by reserving space for the register address/padding as set in the regmap configuration.
Impacted products
Vendor Product Version
Linux Linux Version: 5.16
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T19:17:13.192981Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T14:43:46.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:55.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regmap-spi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "15ff1f17847c19174b260bd7dd0de33edcebd45e",
              "status": "affected",
              "version": "f231ff38b7b23197013b437128d196710fe282da",
              "versionType": "git"
            },
            {
              "lessThan": "f5723cfc01932c7a8d5c78dbf7e067e537c91439",
              "status": "affected",
              "version": "f231ff38b7b23197013b437128d196710fe282da",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regmap-spi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: spi: Reserve space for register address/padding\n\nCurrently the max_raw_read and max_raw_write limits in regmap_spi struct\ndo not take into account the additional size of the transmitted register\naddress and padding.  This may result in exceeding the maximum permitted\nSPI message size, which could cause undefined behaviour, e.g. data\ncorruption.\n\nFix regmap_get_spi_bus() to properly adjust the above mentioned limits\nby reserving space for the register address/padding as set in the regmap\nconfiguration."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:05:45.770Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439"
        }
      ],
      "title": "regmap: spi: Reserve space for register address/padding",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48696",
    "datePublished": "2024-05-03T15:09:48.280Z",
    "dateReserved": "2024-05-03T14:55:07.145Z",
    "dateUpdated": "2024-12-19T08:05:45.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48696\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-03T16:15:08.290\",\"lastModified\":\"2024-11-21T07:33:48.377\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nregmap: spi: Reserve space for register address/padding\\n\\nCurrently the max_raw_read and max_raw_write limits in regmap_spi struct\\ndo not take into account the additional size of the transmitted register\\naddress and padding.  This may result in exceeding the maximum permitted\\nSPI message size, which could cause undefined behaviour, e.g. data\\ncorruption.\\n\\nFix regmap_get_spi_bus() to properly adjust the above mentioned limits\\nby reserving space for the register address/padding as set in the regmap\\nconfiguration.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regmap: spi: reserva de espacio para direcci\u00f3n/relleno de registro Actualmente, los l\u00edmites max_raw_read y max_raw_write en la estructura regmap_spi no tienen en cuenta el tama\u00f1o adicional de la direcci\u00f3n de registro transmitida y el relleno. Esto puede dar como resultado que se exceda el tama\u00f1o de mensaje SPI m\u00e1ximo permitido, lo que podr\u00eda causar un comportamiento indefinido, por ejemplo, corrupci\u00f3n de datos. Corrija regmap_get_spi_bus() para ajustar adecuadamente los l\u00edmites mencionados anteriormente reservando espacio para la direcci\u00f3n/relleno del registro como se establece en la configuraci\u00f3n de regmap.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.