CVE-2022-49035

media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE

Description

In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a patch
https://git.kernel.org/stable/c/fc0f76dd5f116fa9291327024dda392f8b4e849c patch
https://git.kernel.org/stable/c/a2728bf9b6c65e46468c763e3dab7e04839d4e11 patch
https://git.kernel.org/stable/c/4a449430ecfb199b99ba58af63c467eb53500b39 patch
https://git.kernel.org/stable/c/1609231f86760c1f6a429de7913dd795b9faa08c patch
https://git.kernel.org/stable/c/cbfa26936f318b16ccf9ca31b8e8b30c0dc087bd patch
https://git.kernel.org/stable/c/2654e785bd4aa2439cdffbe7dc1ea30a0eddbfe4 patch
https://git.kernel.org/stable/c/93f65ce036863893c164ca410938e0968964b26c patch

Frequently Asked Questions

What is the severity of CVE-2022-49035?
CVE-2022-49035 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49035?
To fix CVE-2022-49035, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49035 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49035 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49035?
CVE-2022-49035 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.