CVE-2022-48717

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: max9759: fix underflow in speaker_gain_control_put()

Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfa8d915172b8c10ec0734c4021e99e9705023b07 < a0f49d12547d45ea8b0f356a96632dd503941c1eaffected
LinuxLinuxfa8d915172b8c10ec0734c4021e99e9705023b07 < 71e60c170105d153e34d01766c1e4db26a4b24ccaffected
LinuxLinuxfa8d915172b8c10ec0734c4021e99e9705023b07 < 5a45448ac95b715173edb1cd090ff24b6586d921affected
LinuxLinuxfa8d915172b8c10ec0734c4021e99e9705023b07 < baead410e5db49e962a67fffc17ac30e44b50b7caffected
LinuxLinuxfa8d915172b8c10ec0734c4021e99e9705023b07 < f114fd6165dfb52520755cc4d1c1dfbd447b88b6affected
LinuxLinuxfa8d915172b8c10ec0734c4021e99e9705023b07 < 4c907bcd9dcd233da6707059d777ab389dcbd964affected
LinuxLinux4.17affected
LinuxLinux0 < 4.17unaffected
LinuxLinux4.19.228 <= 4.19.*unaffected
LinuxLinux5.4.178 <= 5.4.*unaffected
LinuxLinux5.10.99 <= 5.10.*unaffected
LinuxLinux5.15.22 <= 5.15.*unaffected
LinuxLinux5.16.8 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References