Buffer Overflow in Linux Kernel Affecting Media Device Communication
CVE-2022-49035

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 2 January 2025

Summary

A vulnerability in the Linux kernel presents a potential risk in media device communication, particularly in implementations employing the Consumer Electronics Control (CEC) protocol. The flaw arises from a failure to limit the message length to the defined CEC_MAX_MSG_SIZE. Although hardware implementations are expected to constrain messages to a maximum of 16 bytes, this may not be enforced, leaving a corner case open for exploitation. This oversight could allow attackers to conduct unauthorized actions or trigger unexpected behavior within the affected systems. The Linux development community has addressed this issue in recent updates, underscoring the importance of applying security patches promptly.
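The class of check the summary describes, as an added example that is not the kernel's code or the actual patch: a receive path that clamps a device-reported length to CEC_MAX_MSG_SIZE before copying into a fixed-size buffer. The structs `cec_frame` and `fake_hw` and the functions `overrun_bytes` and `rx_frame_checked` are hypothetical names, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CEC_MAX_MSG_SIZE 16   /* limit named in the summary */

/* Hypothetical fixed-size message buffer. */
struct cec_frame {
    uint32_t len;
    uint8_t  data[CEC_MAX_MSG_SIZE];
    uint8_t  canary[4];       /* constructed: stands in for adjacent memory */
};

/* Hypothetical device view: a length register plus a receive FIFO. */
struct fake_hw {
    uint32_t rx_len;          /* reported by the device, so untrusted */
    uint8_t  fifo[64];
};

/* Bytes an unchecked copy of reported_len would write past data[]. */
static uint32_t overrun_bytes(uint32_t reported_len)
{
    return reported_len > CEC_MAX_MSG_SIZE
         ? reported_len - CEC_MAX_MSG_SIZE : 0;
}

/* Checked receive: clamp the reported length, then copy. */
static uint32_t rx_frame_checked(const struct fake_hw *hw, struct cec_frame *f)
{
    uint32_t len = hw->rx_len;

    if (len > CEC_MAX_MSG_SIZE)   /* never trust the device to stay <= 16 */
        len = CEC_MAX_MSG_SIZE;
    memcpy(f->data, hw->fifo, len);
    f->len = len;
    return len;
}

int main(void)
{
    struct fake_hw hw = { .rx_len = 20 };            /* constructed oversize frame */
    struct cec_frame f = { .canary = { 0xAA, 0xAA, 0xAA, 0xAA } };

    memset(hw.fifo, 0x5A, sizeof(hw.fifo));
    printf("unchecked copy would overrun by %u bytes\n", (unsigned)overrun_bytes(hw.rx_len));
    printf("checked copy stored %u bytes, canary intact: %d\n",
           (unsigned)rx_frame_checked(&hw, &f), f.canary[0] == 0xAA);
    return 0;
}
```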

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database