CVE-2022-48632

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2022-48632 RHSA-2024:2394 RHSA-2024:5101 RHSA-2024:5102 SUSE-SU-2024:1644-1 SUSE-SU-2024:1659-1

Analyzed

Published: 28 Apr 2024, 12:59

Last modified:11 May 2026, 18:44

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Apr 2024, 12:59

Published

Vulnerability first disclosed

11 May 2026, 18:44

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 6%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ b5b5b32081cd206baa6e58cca7f112d9723785d6, < 48ee0a864d1af02eea98fc825cc230d61517a71e | ≥ b5b5b32081cd206baa6e58cca7f112d9723785d6, < dc2a0c587006f29b724069740c48654b9dcaebd2 | ≥ b5b5b32081cd206baa6e58cca7f112d9723785d6, < 3b5ab5fbe69ebbee5692c72b05071a43fc0655d8 | ≥ b5b5b32081cd206baa6e58cca7f112d9723785d6, < de24aceb07d426b6f1c59f33889d6a964770547b | 5.10
linux•linux_kernel
≥ 5.10, < 5.10.146 | ≥ 5.11, < 5.15.71 | ≥ 5.16, < 5.19.12 | 6.0:rc1 | 6.0:rc2 | 6.0:rc3 | 6.0:rc4 | 6.0:rc5 | 6.0:rc6