CVE-2022-48632
HIGH
Linux Kernel 5.10-5.10.145, 5.11-5.15.70, 5.16-5.19.11 - Out-of-bounds Write in I2C MLXBF Driver
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.
References (4)
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/48ee0a864d1af02eea98fc825cc230d61517a71e
Mailing List, Patch
https://git.kernel.org/stable/c/dc2a0c587006f29b724069740c48654b9dcaebd2
Mailing List, Patch
https://git.kernel.org/stable/c/3b5ab5fbe69ebbee5692c72b05071a43fc0655d8
Mailing List, Patch
https://git.kernel.org/stable/c/de24aceb07d426b6f1c59f33889d6a964770547b
Scores
CVSS v3
7.8
EPSS
0.0025
EPSS Percentile
16.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (15)
linux/Kernel
5.10.0 - 5.10.146
linux/Kernel
5.11.0 - 5.15.71
linux/Kernel
5.16.0 - 5.19.12
Linux/Linux
< 5.10
Linux/Linux
5.10
Linux/Linux
5.10.146 - 5.10.*
Linux/Linux
5.15.71 - 5.15.*
Linux/Linux
5.19.12 - 5.19.*
Linux/Linux
6.0
Linux/Linux
b5b5b32081cd206baa6e58cca7f112d9723785d6 - 3b5ab5fbe69ebbee5692c72b05071a43fc0655d8
... and 5 more
Published
Apr 28, 2024
Tracked Since
Feb 18, 2026