CVE-2022-48951

HIGH

Linux Kernel Out-of-bounds Write in snd_soc_put_volsw_sx()

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks.

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 15.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (35)
linux/Kernel < 4.9.337linux
linux/Kernel 4.10.0 - 4.14.303linux
linux/Kernel 4.15.0 - 4.19.270linux
linux/Kernel 4.20.0 - 5.4.228linux
linux/Kernel 5.11.0 - 5.15.84linux
linux/Kernel 5.16.0 - 6.0.14linux
linux/Kernel 5.5.0 - 5.10.160linux
Linux/Linux < 5.17
Linux/Linux 038f8b7caa74d29e020949a43ca368c93f6b29b9 - 50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98
Linux/Linux 4.14.265 - 4.14.303
... and 25 more
Published Oct 21, 2024
Tracked Since Feb 18, 2026