CVE-2022-48945

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.1

Description The vulnerability is related to a buffer overflow issue in the vivid component of the Linux kernel. It occurs due to a failure to check boundaries after adjusting the compose height in the V4L2 SEL TGT CROP case. This can lead to a page fault and potentially allow an attacker to elevate privileges in the system. The issue was discovered by syzkaller and is fixed by adding the v4l2 rect map inside() function. The vulnerability can be exploited from the local network.

Recommendations To resolve the issue, upgrade the Linux kernel to version 6.1.1 or later. As a temporary workaround, consider disabling the vivid component until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the compose function in the affected API endpoint until the issue is resolved.