CVE-2022-48717: ASoC: max9759: fix underflow in speaker_gain_control_put()
First published: Thu Jun 20 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put()
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=4.17<4.19.228 | |
| Linux Kernel | >=4.20<5.4.178 | |
| Linux Kernel | >=5.5<5.10.99 | |
| Linux Kernel | >=5.11<5.15.22 | |
| Linux Kernel | >=5.16<5.16.8 | |
| Linux Kernel | =5.17-rc1 | |
| Linux Kernel | =5.17-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/a0f49d12547d45ea8b0f356a96632dd503941c1e
- https://git.kernel.org/stable/c/71e60c170105d153e34d01766c1e4db26a4b24cc
- https://git.kernel.org/stable/c/5a45448ac95b715173edb1cd090ff24b6586d921
- https://git.kernel.org/stable/c/baead410e5db49e962a67fffc17ac30e44b50b7c
- https://git.kernel.org/stable/c/f114fd6165dfb52520755cc4d1c1dfbd447b88b6
- https://git.kernel.org/stable/c/4c907bcd9dcd233da6707059d777ab389dcbd964
Frequently Asked Questions
What is the severity of CVE-2022-48717?
CVE-2022-48717 has been classified as a medium severity vulnerability.
How do I fix CVE-2022-48717?
To fix CVE-2022-48717, update to the latest version of the Linux kernel that includes the patch for this vulnerability.
What causes CVE-2022-48717?
CVE-2022-48717 is caused by an underflow in the speaker_gain_control_put function within the Linux kernel's ASoC subsystem.
What systems are affected by CVE-2022-48717?
CVE-2022-48717 affects systems running specific versions of the Linux kernel that include the ASoC component.
Is CVE-2022-48717 an exploit risk?
Yes, CVE-2022-48717 poses an exploit risk as it allows out-of-bounds access potentially leading to denial of service or other malicious activity.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/linux foundation
- canonical/linux kernel
- vendor/linux
- version/linux kernel/4.17
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.17-rc1
- version/linux kernel/5.17-rc2