CVE-2022-49145

ACPI: CPPC: Avoid out of bounds access when parsing _CPC data

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/

N/A
CVSS
Severity:
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5
https://git.kernel.org/stable/c/d208ea44e25b31db5a4d5e8c31df51787a3e9303
https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252
https://git.kernel.org/stable/c/cb249f8c00f40dba83b7da8207ac14ca46e9ec9e
https://git.kernel.org/stable/c/e5b681822cac1f8093759b02e16c06b2c64b6788
https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b
https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1
https://git.kernel.org/stable/c/d7339f2a3938fb56b5f28d53f5345900b5fa0e74
https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b

Frequently Asked Questions

What is the severity of CVE-2022-49145?
CVE-2022-49145 has not yet been assigned a CVSS score.
How to fix CVE-2022-49145?
To fix CVE-2022-49145, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49145 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49145 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49145?
CVE-2022-49145 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.