CVE-2022-48632

HIGH

Linux Kernel 5.10-5.10.145, 5.11-5.15.70, 5.16-5.19.11 - Out-of-bounds Write in I2C MLXBF Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

Scores

CVSS v3 7.8
EPSS 0.0025
EPSS Percentile 16.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (15)
linux/Kernel 5.10.0 - 5.10.146
linux/Kernel 5.11.0 - 5.15.71
linux/Kernel 5.16.0 - 5.19.12
Linux/Linux < 5.10
Linux/Linux 5.10
Linux/Linux 5.10.146 - 5.10.*
Linux/Linux 5.15.71 - 5.15.*
Linux/Linux 5.19.12 - 5.19.*
Linux/Linux 6.0
Linux/Linux b5b5b32081cd206baa6e58cca7f112d9723785d6 - 3b5ab5fbe69ebbee5692c72b05071a43fc0655d8
... and 5 more
Published Apr 28, 2024
Tracked Since Feb 18, 2026