In the Linux kernel, the following vulnerability has been resolved:
of: fdt: fix off-by-one error in unflatten_dt_nodes()
Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")
forgot to fix up the depth check in the loop body in unflatten_dt_nodes()
which makes it possible to overflow the nps[] buffer...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-03T14:51:18.085Z
Updated: 2024-12-19T08:05:28.929Z
Reserved: 2024-02-25T13:44:28.321Z
Link: CVE-2022-48672
Vulnrichment
Updated: 2024-08-03T15:17:55.720Z
NVD
Status : Modified
Published: 2024-05-03T15:15:07.480
Modified: 2024-11-21T07:33:45.040
Link: CVE-2022-48672
Redhat