Buffer Overflow in Linux Kernel Affecting Media Device Communication
CVE-2022-49035

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
2 January 2025

What is CVE-2022-49035?

A vulnerability in the Linux kernel presents a potential risk in media device communication, particularly in implementations employing the Consumer Electronics Control (CEC) protocol. The flaw arises from a failure to limit the message length to the defined CEC_MAX_MSG_SIZE. Hardware implementations are expected to constrain messages to a maximum of 16 bytes, but this may not be enforced, which leaves a corner case open for exploitation. This oversight could allow attackers to conduct unauthorized actions or trigger unexpected behavior within the affected systems. The Linux development community has addressed this issue in recent updates, underscoring the importance of applying security patches promptly.
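The missing length limit described above, shown as an added user-space illustration that is not the kernel's code or its patch: the receive path clamps the hardware-reported length to CEC_MAX_MSG_SIZE before storing it or copying. The struct, the function names and the FIFO contents are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CEC_MAX_MSG_SIZE 16 /* limit named in the advisory */

/* Hypothetical receive buffer; canary[] is constructed to stand in for adjacent memory. */
struct demo_cec_msg {
    uint32_t len;
    uint8_t msg[CEC_MAX_MSG_SIZE];
    uint8_t canary[4];
};

/* Unchecked pattern, for comparison only (never called): trusts the reported length. */
void demo_rx_unchecked(struct demo_cec_msg *m, const uint8_t *fifo, uint32_t hw_len)
{
    m->len = hw_len;
    memcpy(m->msg, fifo, hw_len); /* writes past msg[] when hw_len > 16 */
}

/* Checked pattern: clamp before the length is stored or used for the copy. */
void demo_rx_checked(struct demo_cec_msg *m, const uint8_t *fifo, uint32_t hw_len)
{
    if (hw_len > CEC_MAX_MSG_SIZE)
        hw_len = CEC_MAX_MSG_SIZE;
    m->len = hw_len;
    memcpy(m->msg, fifo, hw_len);
}

/* Runs the checked path on a constructed FIFO; returns the stored length, or -1 if canary[] changed. */
int demo_receive(uint32_t hw_len)
{
    uint8_t fifo[32];
    struct demo_cec_msg m;
    memset(fifo, 0xAA, sizeof(fifo));
    memset(&m, 0x5C, sizeof(m));
    demo_rx_checked(&m, fifo, hw_len);
    for (size_t i = 0; i < sizeof(m.canary); i++)
        if (m.canary[i] != 0x5C) return -1;
    return (int)m.len;
}

int main(void)
{
    const uint32_t reported[] = {4, 16, 17, 32}; /* constructed reported lengths */
    for (size_t i = 0; i < 4; i++)
        printf("reported=%u stored=%d\n", (unsigned)reported[i], demo_receive(reported[i]));
    return 0;
}
```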

Affected Version(s)

Linux 1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b < 7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a

Linux 1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b

Linux 1bcbf6f4b6b050eaf8f1fb1adf5c4779a3623c5b

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
