CVE-2022-48696
MediumIn the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the max_raw_read and max_raw_write limits in regmap_spi struct do not take into account the additional size of the transmitted register address and padding. This may result in exceeding the maximum permitted SPI message size, which could cause undefined behaviour, e.g. data corruption. Fix regmap_get_spi_bus() to properly adjust the above mentioned limits by reserving space for the register address/padding as set in the regmap configuration.
CVSS 3.1 score
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Weakness type
CWE-120CVE-2022-48696 is classified as CWE-120
See CWE-120 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2022-48696 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e
-
PatchKernel patch commithttps://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439
Frequently asked questions
-
What is CVE-2022-48696?
CVE-2022-48696 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2022-48696 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2022-48696?
CVE-2022-48696 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. -
Is there a patch available for CVE-2022-48696?
No patch is currently available for CVE-2022-48696. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2022-48696 actively exploited?
No — CVE-2022-48696 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.