CVE-2022-48672

May 3, 2024, 3:32 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to overflow the nps[] buffer... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e
https://git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0
https://git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf3fa1181
https://git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7
https://git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853
https://git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf
https://git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-03
CVE-2022-48672

Timeline

Published: May 3, 2024, 3:15 p.m.
Last Modified: May 3, 2024, 3:32 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.