PT-2024-9275 · Linux+3 · Linux Kernel+3

Dan Carpenter

Published

2024-06-20

Updated

2024-12-04

CVE-2022-48717

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to an underflow in the speaker gain control put() function, which can lead to an out of bounds access. The concern is that negative values of priv->gain might come from the user via snd ctl elem write user(), snd ctl elem write(), and kctl->put(). This could potentially allow an attacker to cause a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2024-10963

CVE-2022-48717

OESA-2024-1835

OPENSUSE-SU-2024_2362-1

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2362-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-9275 · Linux+3 · Linux Kernel+3

CVE-2022-48717

Weakness Enumeration

Related Identifiers

Affected Products

References · 1276