• CVE-2022-48672

发布时间: 2024年8月30日

修改时间: 2024年8月30日

概要

In the Linux kernel, the following vulnerability has been resolved:of: fdt: fix off-by-one error in unflatten_dt_nodes()Commit 78c44d910d3e ( drivers/of: Fix depth when unflattening devicetree )forgot to fix up the depth check in the loop body in unflatten_dt_nodes()which makes it possible to overflow the nps[] buffer...Found by Linux Verification Center (linuxtesting.org) with the SVACE staticanalysis tool.

CVSS v3 指标

NVD openEuler
Confidentiality High High
Attack Vector Local Local
CVSS评分 7.8 7.8
Attack Complexity Low Low
Privileges Required Low Low
Scope Unchanged Unchanged
Integrity High High
User Interaction None None
Availability High High

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-2604 In the Linux kernel, the following vulnerability has been resolved:of: fdt: fix off-by-one error in unflatten_dt_nodes()Commit 78c44d910d3e ( drivers/of: Fix depth when unflattening devicetree )forgot to fix up the depth check in the loop body in unflatten_dt_nodes()which makes it possible to overflow the nps[] buffer...Found by Linux Verification Center (linuxtesting.org) with the SVACE staticanalysis tool. 2024年6月5日
KylinSec-SA-2024-4977 kernel security update 2025年2月28日

影响产品

产品 状态
KY3.5.2 kernel Fixed