ghsa-2955-j2mm-qvcq
Vulnerability from github
Published
2024-05-03 18:30
Modified
2024-11-20 18:32
Details

In the Linux kernel, the following vulnerability has been resolved:

regmap: spi: Reserve space for register address/padding

Currently the max_raw_read and max_raw_write limits in regmap_spi struct do not take into account the additional size of the transmitted register address and padding. This may result in exceeding the maximum permitted SPI message size, which could cause undefined behaviour, e.g. data corruption.

Fix regmap_get_spi_bus() to properly adjust the above mentioned limits by reserving space for the register address/padding as set in the regmap configuration.

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2022-48696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T16:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: spi: Reserve space for register address/padding\n\nCurrently the max_raw_read and max_raw_write limits in regmap_spi struct\ndo not take into account the additional size of the transmitted register\naddress and padding.  This may result in exceeding the maximum permitted\nSPI message size, which could cause undefined behaviour, e.g. data\ncorruption.\n\nFix regmap_get_spi_bus() to properly adjust the above mentioned limits\nby reserving space for the register address/padding as set in the regmap\nconfiguration.",
  "id": "GHSA-2955-j2mm-qvcq",
  "modified": "2024-11-20T18:32:15Z",
  "published": "2024-05-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48696"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.