CVE-2022-49035

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE

I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < 7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8aaffected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < fc0f76dd5f116fa9291327024dda392f8b4e849caffected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < a2728bf9b6c65e46468c763e3dab7e04839d4e11affected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < 4a449430ecfb199b99ba58af63c467eb53500b39affected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < 1609231f86760c1f6a429de7913dd795b9faa08caffected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < cbfa26936f318b16ccf9ca31b8e8b30c0dc087bdaffected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < 2654e785bd4aa2439cdffbe7dc1ea30a0eddbfe4affected
LinuxLinux1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < 93f65ce036863893c164ca410938e0968964b26caffected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux4.9.333 <= 4.9.*unaffected
LinuxLinux4.14.299 <= 4.14.*unaffected
LinuxLinux4.19.265 <= 4.19.*unaffected
LinuxLinux5.4.224 <= 5.4.*unaffected
LinuxLinux5.10.154 <= 5.10.*unaffected
LinuxLinux5.15.78 <= 5.15.*unaffected
LinuxLinux6.0.8 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References