CVE-2022-48655
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Harden accesses to the reset domains
Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave.
Add an internal consistency check before any such domains descriptors accesses.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 < 7184491fc515f391afba23d0e9b690caaea72daf | affected |
| Linux | Linux | 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 < f2277d9e2a0d092c13bae7ee82d75432bb8b5108 | affected |
| Linux | Linux | 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 < 1f08a1b26cfc53b7715abc46857c6023bb1b87de | affected |
| Linux | Linux | 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 < 8e65edf0d37698f7a6cb174608d3ec7976baf49e | affected |
| Linux | Linux | 95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 < e9076ffbcaed5da6c182b144ef9f6e24554af268 | affected |
| Linux | Linux | 5.4 | affected |
| Linux | Linux | 0 < 5.4 | unaffected |
| Linux | Linux | 5.4.277 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.218 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.71 <= 5.15.* | unaffected |
| Linux | Linux | 5.19.12 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf
- https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108
- https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de
- https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e
- https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://security.netapp.com/advisory/ntap-20240912-0008/
References
- https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf
- https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108
- https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de
- https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e
- https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.