CVE-2022-48632: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

Q: What is the severity of CVE-2022-48632?

CVE-2022-48632 has a medium severity rating due to the potential for stack overflow vulnerabilities.

Q: How do I fix CVE-2022-48632?

To fix CVE-2022-48632, update your Linux kernel to one of the following versions: 5.10.146, 5.15.71, 5.19.12, or 6.0.

Q: What systems are affected by CVE-2022-48632?

CVE-2022-48632 affects the Linux kernel versions prior to the patched releases mentioned in its fix.

Q: What does CVE-2022-48632 affect?

CVE-2022-48632 affects the i2c subsystem in the Linux kernel, specifically related to stack overflow vulnerabilities.

Q: Is CVE-2022-48632 exploited in the wild?

As of now, there are no known active exploits for CVE-2022-48632 reported in the wild.

Published Apr 28, 2024

Updated

In the Linux kernel, the following vulnerability has been resolved:

i2c: mlxbf: prevent stack overflow in mlxbfi2csmbusstarttransaction()

memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'dataidx' also increments.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

i2c: mlxbf: prevent stack overflow in mlxbfi2csmbusstarttransaction()

The Linux kernel CVE team has assigned CVE-2022-48632 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024042854-CVE-2022-48632-465f@gregkh/T

— Red Hat

Affected Software

17 affected componentsFixes available

Linux Linux kernel>=5.10<5.10.146

Linux Linux kernel>=5.11<5.15.71

Linux Linux kernel>=5.16<5.19.12

Linux Linux kernel=6.0-rc1

Linux Linux kernel=6.0-rc2

Linux Linux kernel=6.0-rc3

Linux Linux kernel=6.0-rc4

Linux Linux kernel=6.0-rc5

Linux Linux kernel=6.0-rc6

IBM Security Verify Governance<=ISVG 10.0.2

IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2

IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2

IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

redhat/kernel<5.10.146

5.10.146

redhat/kernel<5.15.71

5.15.71

redhat/kernel<5.19.12

5.19.12

redhat/kernel<6.0

6.0

Remediation

Event History

Apr 28, 2024

CVE Published

via MITRE·12:59 PM

Data Sourced

via MITRE·12:59 PM

Description

Apr 29, 2024

Data Sourced

via Red Hat·04:22 PM

DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7230443

Frequently Asked Questions

What is the severity of CVE-2022-48632?

CVE-2022-48632 has a medium severity rating due to the potential for stack overflow vulnerabilities.

How do I fix CVE-2022-48632?

To fix CVE-2022-48632, update your Linux kernel to one of the following versions: 5.10.146, 5.15.71, 5.19.12, or 6.0.

What systems are affected by CVE-2022-48632?

CVE-2022-48632 affects the Linux kernel versions prior to the patched releases mentioned in its fix.

What does CVE-2022-48632 affect?

CVE-2022-48632 affects the i2c subsystem in the Linux kernel, specifically related to stack overflow vulnerabilities.

Is CVE-2022-48632 exploited in the wild?

As of now, there are no known active exploits for CVE-2022-48632 reported in the wild.

CVE-2022-48632: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

Other sources

Affected Software

Remediation

Patch Available

Patch Available

Patch Available

Patch Available

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2022-48632?

How do I fix CVE-2022-48632?

What systems are affected by CVE-2022-48632?

What does CVE-2022-48632 affect?

Is CVE-2022-48632 exploited in the wild?

Company

Resources

Contact