CVE-2022-48871

2024-08-2119:10:04

redhat.com

access.redhat.com

linux kernel

qcom-geni-serial

vulnerability

rx fifo buffer

uart

kasan

qualcomm

bluetooth

depth change

buffer resizing

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability was found in the Linux kernel’s qcom_geni_serial.c driver. A lack of proper size validation can lead to an out-of-bounds write caused by a mismatch between the RX FIFO buffer size and the actual RX FIFO depth after initialization. This issue can lead to memory corruption or crashes.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.