AZL-10861

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10861.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-10861

Upstream

CVE-2022-39842

Published

2022-09-05T07:15:08Z

Modified

2026-04-01T05:06:31.804235Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

CVE-2022-39842 affecting package kernel for versions less than 5.15.70.1-1

Details

An issue was discovered in the Linux kernel before 5.19. In pxa3xxgcuwrite in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of sizet versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copyfrom_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-39842

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.70.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-10861.json"