CVE-2022-49946
- Source
- https://cve.org/CVERecord?id=CVE-2022-49946
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49946.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49946
- Downstream
- Related
- Published
- 2025-06-18T11:00:07.966Z
- Modified
- 2026-04-03T13:14:37.952387718Z
- Summary
- clk: bcm: rpi: Prevent out-of-bounds access
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
clk: bcm: rpi: Prevent out-of-bounds access
The while loop in raspberrypidiscoverclocks() relies on the assumption that the id of the last clock element is zero. Because this data comes from the Videocore firmware and it doesn't guarantuee such a behavior this could lead to out-of-bounds access. So fix this by providing a sentinel element.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49946.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d
- https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4
- https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34
- https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49946.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49946
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced93d2725affd65686792f4b57e49ef660f3c8c0f9Fixedfcae47b2d23c81603b01f56cf8db63ed64599d34Fixedff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2Fixedc8b04b731d43366824841ebdca4ac715f95e0ea4Fixedbc163555603e4ae9c817675ad80d618a4cdbfa2d