CVE-2022-48732

drm/nouveau: fix off by one in BIOS boundary checking

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad patch
https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2 patch
https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882 patch
https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c patch
https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73 patch
https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06 patch
https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369 patch
https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a patch

Frequently Asked Questions

What is the severity of CVE-2022-48732?
CVE-2022-48732 has been scored as a high severity vulnerability.
How to fix CVE-2022-48732?
To fix CVE-2022-48732, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48732 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48732 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48732?
CVE-2022-48732 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.