CVE-2022-50368

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dsi: fix memory corruption with too many bridges

Add the missing sanity check on the bridge counter to avoid corrupting
data beyond the fixed-sized bridge array in case there are ever more
than eight bridges.

Patchwork: https://patchwork.freedesktop.org/patch/502668/
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
linuxlinux_kernel
4.1 ≤
𝑥
< 4.19.264
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.223
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.153
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.77
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.7
linuxlinux_kernel
6.1:rc1
linuxlinux_kernel
6.1:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/21c4679af01f1027cb559330c2e7d410089b2b36
https://git.kernel.org/stable/c/2e786eb2f9cebb07e317226b60054df510b60c65
https://git.kernel.org/stable/c/4e5587cddb334f7a5bb1c49ea8bbfc966fafe1b8
https://git.kernel.org/stable/c/9f035d1fb30648fe70ee01627eb131c56d699b35
https://git.kernel.org/stable/c/e83b354890a3c1d5256162f87a6cc38c47ae7f20
https://git.kernel.org/stable/c/f649ed0e1b7a1545f8e27267d3c468b3cb222ece