CVE-2022-49250

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: rx-macro: fix accessing compander for aux

AUX interpolator does not have compander, so check before accessing
compander data for this.

Without this checkan array of out bounds access will be made in
comp_enabled[] array.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
linuxlinux_kernel
5.12 ≤
𝑥
< 5.15.33
linuxlinux_kernel
5.16 ≤
𝑥
< 5.16.19
linuxlinux_kernel
5.17 ≤
𝑥
< 5.17.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/42c709c4e1ce4c136891530646c9abd5dff3524f
https://git.kernel.org/stable/c/6aa8ef9535dbd561293406608ebe791627b10196
https://git.kernel.org/stable/c/87a2b44cb3005d30c3a72234d1e47b03ae3bb29a
https://git.kernel.org/stable/c/9208ecc703b5ed5b12d7ea13c79207f4c8456638