Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-39842
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-05 Sep, 2022 | 07:15
Updated At-17 May, 2024 | 02:12

An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions before 5.19(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>5.19
cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>5.19
cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>5.19
cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19cve@mitre.org
Release Notes
Vendor Advisory
https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7cve@mitre.org
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lore.kernel.org/all/YylaC1wHHyLw22D3%40kadam/T/cve@mitre.org
N/A
https://www.debian.org/security/2022/dsa-5257cve@mitre.org
Third Party Advisory
Change History
0Changes found
Details not found