CVE-2022-48717

medium

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()

References

https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6

https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c

https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e

https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc

https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921

https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964

Details

Source: Mitre, NVD

Published: 2024-06-20

Updated: 2024-06-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium