CVE-2022-48738

HIGH

Linux Kernel < 4.9.300 - Out-of-Bounds Read

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the range we advertised to userspace as being valid, do so and reject any values that are out of range.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d

Patch

https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7

Patch

https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf

Patch

https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7

Patch

https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0

Patch

https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830

Patch

https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a

Patch

https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d

Scores

CVSS v3 7.1

EPSS 0.0001

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (9)

linux/Kernel 3.15.0 - 4.9.300linux

linux/Kernel 4.10.0 - 4.14.265linux

linux/Kernel 4.15.0 - 4.19.228linux

linux/Kernel 4.20.0 - 5.4.178linux

linux/Kernel 5.11.0 - 5.15.22linux

linux/Kernel 5.16.0 - 5.16.8linux

linux/Kernel 5.5.0 - 5.10.99linux

linux/linux_kernel 5.17 rc1 (2 CPE variants)

linux/linux_kernel < 4.9.300

Published Jun 20, 2024

Tracked Since Feb 18, 2026