CVE-2022-48655

firmware: arm_scmi: Harden accesses to the reset domains

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses.

References

Link	Tags
https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf	patch
https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108	patch
https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de	patch
https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e	patch
https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268	patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html	mailing list
https://security.netapp.com/advisory/ntap-20240912-0008/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2022-48655?: CVE-2022-48655 has been scored as a high severity vulnerability.
How to fix CVE-2022-48655?: To fix CVE-2022-48655, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48655 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-48655 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48655?: CVE-2022-48655 affects Linux Linux, Linux Linux.

Description

Categories

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-125 – Out-of-bounds Read

References

Frequently Asked Questions