CVE-2022-48804

arrayindexnospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with arrayindexnospec.

Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48804.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0ec459ec174031fad02a55e622cf2fc0d2e75a25

Fixed

830c5aa302ec16b4ee641aec769462c37f802c90

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4334a6ae867aa12f01c1755368fd0de4c926ac75

Fixed

2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e97267cb4d1ee01ca0929638ec0fcbb0904f903d

Fixed

170325aba4608bde3e7d21c9c19b7bc266ac0885

Fixed

ae3d57411562260ee3f4fd5e875f410002341104

Fixed

778302ca09498b448620edd372dc908bebf80bdf

Fixed

ffe54289b02e9c732d6f04c8ebbe3b2d90d32118

Fixed

6550bdf52846f85a2a3726a5aa0c7c4399f2fc02

Fixed

61cc70d9e8ef5b042d4ed87994d20100ec8896d9

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

458697ab18b512445ac273ce68a9f8fd623fc0a3

Last affected

1aa698b65186c13ed775896ed1dfec7c26c73d60

Last affected

52ef74c21c277e50de771fc722d814a830b3036b

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48804.json"