SB20240608117 - Out-of-bounds read in Linux kernel firmware arm_scmi driver
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608117
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2022-48655)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de
- https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e
- https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268
- https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf
- https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.218