Out-of-bounds read in Linux kernel - CVE-2022-48736
Published: June 20, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU92901
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48736
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2022-48736
Install the update from the vendor's website.
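To see which hosts still need that update, a kernel release string can be compared against the stable releases named in the ChangeLog links under Sources. The following is an added example, not part of the original advisory; it assumes each listed ChangeLog is the first release of its branch that carries the fix, and the function names, status labels and sample inventory are hypothetical.

```python
import re

# Stable releases named in the ChangeLog links under "Sources".
# Assumption: each is the first release of its branch that carries the fix.
LISTED_FIX = {
    (4, 9): 300, (4, 14): 265, (4, 19): 228, (5, 4): 178,
    (5, 10): 99, (5, 15): 22, (5, 16): 8,
}
FIRST_FIXED_MAINLINE = (5, 17)  # from ChangeLog-5.17


def parse_release(release):
    """Split a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if m is None:
        raise ValueError(f"not a kernel release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def fix_status(release):
    """Classify a kernel release against the releases listed under Sources.

    Only the upstream version number is compared; fixes a distribution
    backported without changing that number are not visible here.
    """
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch == FIRST_FIXED_MAINLINE and "-rc" in release:
        return "no-listed-fix"      # pre-release of 5.17: cannot tell
    if branch >= FIRST_FIXED_MAINLINE:
        return "fixed"
    floor = LISTED_FIX.get(branch)
    if floor is None:
        return "no-listed-fix"      # branch has no ChangeLog in the list
    return "fixed" if patch >= floor else "older-than-listed-fix"


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and releases are made up).
    inventory = {"build-01": "5.15.21", "db-02": "5.10.99-lts",
                 "edge-03": "4.18.0-513.el8.x86_64", "dev-04": "6.1.55"}
    for host, rel in inventory.items():
        print(f"{host:10} {rel:28} {fix_status(rel)}")
```

A result of `older-than-listed-fix` or `no-listed-fix` on a distribution kernel means the version number alone cannot settle it, so the distribution's own advisory for CVE-2022-48736 decides.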
Sources
- https://git.kernel.org/stable/c/17e16a66b4f9a310713d8599e6e1ca4a0c9fd28c
- https://git.kernel.org/stable/c/54abca038e287d3746dd40016514670a7f654c5c
- https://git.kernel.org/stable/c/7659f25a80e6affb784b690df8994b79b4212fd4
- https://git.kernel.org/stable/c/fd9a23319f16e7031f0d8c98eed6e093c2927229
- https://git.kernel.org/stable/c/6877f87579ed830f9ff6d478539074f035d04bfb
- https://git.kernel.org/stable/c/b0a7836ecf1345814a7d8ef748fb797c520dad18
- https://git.kernel.org/stable/c/e09cf398e8c6db69c620b6d8073abc4377a07af5
- https://git.kernel.org/stable/c/4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.265
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.300
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.178