Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2022-48777

HistoryJul 16, 2024 - 12:15 p.m.

CVE-2022-48777

2024-07-1612:15:02

CWE-476

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

mtd parser

vulnerability fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mtd: parsers: qcom: Fix kernel panic on skipped partition

In the event of a skipped partition (case when the entry name is empty)
the kernel panics in the cleanup function as the name entry is NULL.
Rework the parser logic by first checking the real partition number and
then allocate the space and set the data for the valid partitions.

The logic was also fundamentally wrong as with a skipped partition, the
parts number returned was incorrect by not decreasing it for the skipped
partitions.

Affected configurations

Nvd

Node

linuxlinux_kernelRange5.12–5.12.25

linuxlinux_kernelRange5.16–5.16.11

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/65d003cca335cabc0160d3cd7daa689eaa9dd3cd

git.kernel.org/stable/c/a2995fe23095ceda2dc382fbe057f5e164595548

git.kernel.org/stable/c/eb03cb6e03ffd9173e18e5fe87e4e3ce83820453

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

Related for NVD:CVE-2022-48777