In the Linux kernel, the following vulnerability has been resolved:
i2c: mlxbf: prevent stack overflow in mlxbfi2csmbusstarttransaction()
memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c", "function": "mlxbf_i2c_smbus_start_transaction" }, "id": "CVE-2022-48632-0d5d8aac", "digest": { "length": 1624.0, "function_hash": "32879370691689719870367124564251603211" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc2a0c587006f29b724069740c48654b9dcaebd2" }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c" }, "id": "CVE-2022-48632-221b3da6", "digest": { "line_hashes": [ "10147436627106233259792993495077799527", "13636684118435160583949204364119163123", "175930433789607676067716669827885717141", "121301047104490388983800219655268542600" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc2a0c587006f29b724069740c48654b9dcaebd2" }, { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c", "function": "mlxbf_i2c_smbus_start_transaction" }, "id": "CVE-2022-48632-7cc3df95", "digest": { "length": 1624.0, "function_hash": "32879370691689719870367124564251603211" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48ee0a864d1af02eea98fc825cc230d61517a71e" }, { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c", "function": "mlxbf_i2c_smbus_start_transaction" }, "id": "CVE-2022-48632-835bedae", "digest": { "length": 1624.0, "function_hash": "32879370691689719870367124564251603211" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de24aceb07d426b6f1c59f33889d6a964770547b" }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c" }, "id": "CVE-2022-48632-886970ae", "digest": { "line_hashes": [ "10147436627106233259792993495077799527", "13636684118435160583949204364119163123", "175930433789607676067716669827885717141", "121301047104490388983800219655268542600" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@48ee0a864d1af02eea98fc825cc230d61517a71e" }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c" }, "id": "CVE-2022-48632-e1eba765", "digest": { "line_hashes": [ "10147436627106233259792993495077799527", "13636684118435160583949204364119163123", "175930433789607676067716669827885717141", "121301047104490388983800219655268542600" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3b5ab5fbe69ebbee5692c72b05071a43fc0655d8" }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c" }, "id": "CVE-2022-48632-f41a0cb7", "digest": { "line_hashes": [ "10147436627106233259792993495077799527", "13636684118435160583949204364119163123", "175930433789607676067716669827885717141", "121301047104490388983800219655268542600" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de24aceb07d426b6f1c59f33889d6a964770547b" }, { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/i2c/busses/i2c-mlxbf.c", "function": "mlxbf_i2c_smbus_start_transaction" }, "id": "CVE-2022-48632-fb771df8", "digest": { "length": 1624.0, "function_hash": "32879370691689719870367124564251603211" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3b5ab5fbe69ebbee5692c72b05071a43fc0655d8" } ] }