CVE-2022-48732: drm/nouveau: fix off by one in BIOS boundary checking
First published: Thu Jun 20 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.8<4.9.300 | |
| Linux Kernel | >=4.10<4.14.265 | |
| Linux Kernel | >=4.15<4.19.228 | |
| Linux Kernel | >=4.20<5.4.178 | |
| Linux Kernel | >=5.5<5.10.99 | |
| Linux Kernel | >=5.11<5.15.22 | |
| Linux Kernel | >=5.16<5.16.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad
- https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2
- https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882
- https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c
- https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73
- https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06
- https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369
- https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a
Frequently Asked Questions
What is the severity of CVE-2022-48732?
CVE-2022-48732 has not been assigned a CVSS score, but it is categorized as a low severity vulnerability due to its limited impact.
What does CVE-2022-48732 affect?
CVE-2022-48732 affects specific versions of the Linux kernel regarding BIOS boundary checking in the Nouveau driver.
How do I fix CVE-2022-48732?
To fix CVE-2022-48732, update your Linux kernel to a version that incorporates the relevant patches.
Which Linux kernel versions are vulnerable to CVE-2022-48732?
Linux kernel versions from 4.8 up to 5.16.8 are vulnerable to CVE-2022-48732.
What are the consequences of exploiting CVE-2022-48732?
Exploiting CVE-2022-48732 could lead to driver initialization failure on affected systems, potentially impacting hardware operations.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/weakness
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.8
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16