|
1 | | -[id] |
2 | | -ave_id = "AVE-2022-0003" |
3 | | -cve_id = "CVE-2022-48716" |
4 | | -aliases = ["CVE-2022-48716"] |
5 | | - |
6 | 1 | [basic] |
7 | | -title = "Linux Kernel ASoC wcd938x 音频编解码器端口ID越界访问漏洞" |
8 | | -description = "Linux内核ASoC子系统中wcd938x音频编解码器驱动存在错误使用portid的漏洞。混音器控件将通道ID存储在mixer->reg中,但该值与实际端口ID不同,端口ID应从chan_info数组派生。攻击者可利用此漏洞通过使用通道ID代替端口ID越界访问port_map数组,从而破坏wcd938x_sdw_priv结构体,导致内核内存损坏或拒绝服务。该漏洞影响搭载受影响内核版本的Qualcomm音频设备。" |
9 | | -severity = "CRITICAL" |
10 | | -score = 9.8 |
11 | | -cvss_v3 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" |
12 | | -published = "2024-06-20" |
13 | | -updated = "2025-04-01" |
14 | | -sources = ["nvd", "msrc", "redhat", "debian"] |
15 | | -remediation = "升级Linux内核至5.17-rc3或更高版本,该版本包含commit c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7的修复补丁。Debian用户可通过apt升级到修复版本(bullseye 5.10.251-5、bookworm 6.1.172-1、trixie 6.12.88-1)。" |
16 | | - |
17 | | -[affected] |
18 | | -vendor = "Linux Kernel" |
19 | | -product = "wcd938x ASoC Codec Driver" |
| 2 | +description = "" |
| 3 | +published = "" |
| 4 | +remediation = "Refer to vendor advisory and upgrade to fixed version." |
| 5 | +score = 0.0 |
| 6 | +severity = "UNKNOWN" |
| 7 | +sources = ["msrc"] |
| 8 | +title = "CVE-2022-48716" |
| 9 | +updated = "" |
20 | 10 |
|
21 | 11 | [exploit] |
22 | | -poc_urls = [] |
23 | 12 | exp_urls = [] |
| 13 | +poc_urls = [] |
24 | 14 |
|
25 | | -[nuclei_templates] |
26 | | - |
27 | | -[references] |
28 | | -urls = [ |
29 | | - "https://nvd.nist.gov/vuln/detail/CVE-2022-48716", |
30 | | - "https://osv.dev/vulnerability/CVE-2022-48716", |
31 | | - "https://www.tenable.com/cve/CVE-2022-48716", |
32 | | - "https://bugzilla.redhat.com/show_bug.cgi?id=2293286", |
33 | | - "https://security-tracker.debian.org/tracker/CVE-2022-48716", |
34 | | - "https://git.kernel.org/linus/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7" |
35 | | -] |
| 15 | +[id] |
| 16 | +aliases = ["CVE-2022-48716"] |
| 17 | +ave_id = "AVE-2022-0003" |
| 18 | +cve_id = "CVE-2022-48716" |
36 | 19 |
|
37 | 20 | [meta] |
38 | 21 | collected_at = "2026-07-11T00:08:57.158614382+00:00" |
39 | 22 | status = "completed" |
| 23 | + |
| 24 | +[references] |
| 25 | +urls = [] |
0 commit comments