[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-48871":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":41,"related":42,"reserved_at":9,"published_at":48,"modified_at":49,"state":50,"summary":51,"references_raw":60,"kevs":79,"epss":80,"epss_history":83,"metrics":336,"affected":342},"CVE-2022-48871","In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer\n\nDriver's probe allocates memory for RX FIFO (port->rx_fifo) based on\ndefault RX FIFO depth, e.g. 16.  Later during serial startup the\nqcom_geni_serial_port_setup() updates the RX FIFO depth\n(port->rx_fifo_depth) to match real device capabilities, e.g. to 32.\n\nThe RX UART handle code will read \"port->rx_fifo_depth\" number of words\ninto \"port->rx_fifo\" buffer, thus exceeding the bounds.  This can be\nobserved in certain configurations with Qualcomm Bluetooth HCI UART\ndevice and KASAN:\n\n  Bluetooth: hci0: QCA Product ID   :0x00000010\n  Bluetooth: hci0: QCA SOC Version  :0x400a0200\n  Bluetooth: hci0: QCA ROM Version  :0x00000200\n  Bluetooth: hci0: QCA Patch Version:0x00000d2b\n  Bluetooth: hci0: QCA controller version 0x02000200\n  Bluetooth: hci0: QCA Downloading qca/htbtfw20.tlv\n  bluetooth hci0: Direct firmware load for qca/htbtfw20.tlv failed with error -2\n  Bluetooth: hci0: QCA Failed to request file: qca/htbtfw20.tlv (-2)\n  Bluetooth: hci0: QCA Failed to download patch (-2)\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in handle_rx_uart+0xa8/0x18c\n  Write of size 4 at addr ffff279347d578c0 by task swapper/0/0\n\n  CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rt5-00350-gb2450b7e00be-dirty #26\n  Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n  Call trace:\n   dump_backtrace.part.0+0xe0/0xf0\n   show_stack+0x18/0x40\n   dump_stack_lvl+0x8c/0xb8\n   print_report+0x188/0x488\n   kasan_report+0xb4/0x100\n   __asan_store4+0x80/0xa4\n   handle_rx_uart+0xa8/0x18c\n   qcom_geni_serial_handle_rx+0x84/0x9c\n   qcom_geni_serial_isr+0x24c/0x760\n   __handle_irq_event_percpu+0x108/0x500\n   handle_irq_event+0x6c/0x110\n   handle_fasteoi_irq+0x138/0x2cc\n   generic_handle_domain_irq+0x48/0x64\n\nIf the RX FIFO depth changes after probe, be sure to resize the buffer.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39],{"_key":28},"SUSE-SU-2024:3227-1",{"_key":30},"SUSE-SU-2024:3408-1",{"_key":32},"SUSE-SU-2024:3190-1",{"_key":34},"SUSE-SU-2024:3209-1",{"_key":36},"SUSE-SU-2024:3483-1",{"_key":38},"UBUNTU-CVE-2022-48871",{"_key":40},"DEBIAN-CVE-2022-48871",[],[43,44,45,46,47],{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},"2024-08-21T06:10:01.859Z","2026-05-11T18:48:46.456Z","Analyzed",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":53,"epss_score":54,"severity":55,"severity_score":56,"severity_version":57,"severity_source":58,"severity_vector":59,"severity_status":50},false,"low",0.00016,"high",7.1,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",[61,67,71,75],{"url":62,"sources":63,"tags":65},"https://git.kernel.org/stable/c/894681682dbefdad917b88f86cde1069140a047a",[64,58],"cve.org",[66],"Patch",{"url":68,"sources":69,"tags":70},"https://git.kernel.org/stable/c/cb53a3366eb28fed67850c80afa52075bb71a38a",[64,58],[66],{"url":72,"sources":73,"tags":74},"https://git.kernel.org/stable/c/fd524ca7fe45b8a06dca2dd546d62684a9768f95",[64,58],[66],{"url":76,"sources":77,"tags":78},"https://git.kernel.org/stable/c/b8caf69a6946e18ffebad49847e258f5b6d52ac2",[64,58],[66],[],{"date":81,"score":54,"percentile":82},"2026-06-03",0.03594,[84,88,91,94,97,100,102,105,108,111,114,117,120,123,126,130,133,136,139,142,145,148,151,153,156,159,162,165,168,171,174,176,179,182,185,188,191,194,197,200,203,206,209,212,215,218,221,224,227,229,232,235,238,241,243,246,249,252,255,258,260,263,265,268,271,274,277,280,282,285,287,289,292,295,297,300,302,304,306,308,311,314,317,319,322,324,326,328,330,333],{"date":85,"score":86,"percentile":87},"2025-11-04",0.00009,0.00645,{"date":89,"score":86,"percentile":90},"2025-11-05",0.00647,{"date":92,"score":54,"percentile":93},"2025-11-06",0.02374,{"date":95,"score":54,"percentile":96},"2025-11-07",0.02387,{"date":98,"score":54,"percentile":99},"2025-11-08",0.02401,{"date":101,"score":54,"percentile":99},"2025-11-09",{"date":103,"score":54,"percentile":104},"2025-11-10",0.02372,{"date":106,"score":54,"percentile":107},"2025-11-11",0.02383,{"date":109,"score":54,"percentile":110},"2025-11-12",0.02394,{"date":112,"score":54,"percentile":113},"2025-11-13",0.02424,{"date":115,"score":54,"percentile":116},"2025-11-14",0.02442,{"date":118,"score":54,"percentile":119},"2025-11-15",0.02471,{"date":121,"score":54,"percentile":122},"2025-11-16",0.0247,{"date":124,"score":54,"percentile":125},"2025-11-17",0.02457,{"date":127,"score":128,"percentile":129},"2025-11-18",0.00071,0.17815,{"date":131,"score":128,"percentile":132},"2025-11-19",0.17838,{"date":134,"score":128,"percentile":135},"2025-11-20",0.17812,{"date":137,"score":54,"percentile":138},"2025-11-21",0.02531,{"date":140,"score":54,"percentile":141},"2025-11-22",0.02529,{"date":143,"score":54,"percentile":144},"2025-11-23",0.02522,{"date":146,"score":54,"percentile":147},"2025-11-24",0.0251,{"date":149,"score":54,"percentile":150},"2025-11-25",0.02492,{"date":152,"score":54,"percentile":119},"2025-11-26",{"date":154,"score":54,"percentile":155},"2025-11-27",0.02466,{"date":157,"score":54,"percentile":158},"2025-11-28",0.02469,{"date":160,"score":54,"percentile":161},"2025-11-29",0.02519,{"date":163,"score":54,"percentile":164},"2025-11-30",0.02521,{"date":166,"score":54,"percentile":167},"2025-12-01",0.02575,{"date":169,"score":54,"percentile":170},"2025-12-02",0.02567,{"date":172,"score":54,"percentile":173},"2025-12-03",0.02568,{"date":175,"score":54,"percentile":147},"2025-12-04",{"date":177,"score":54,"percentile":178},"2025-12-05",0.02523,{"date":180,"score":54,"percentile":181},"2025-12-06",0.02535,{"date":183,"score":54,"percentile":184},"2025-12-07",0.02544,{"date":186,"score":54,"percentile":187},"2025-12-08",0.0254,{"date":189,"score":54,"percentile":190},"2025-12-09",0.02559,{"date":192,"score":54,"percentile":193},"2025-12-10",0.02583,{"date":195,"score":54,"percentile":196},"2025-12-11",0.02591,{"date":198,"score":54,"percentile":199},"2025-12-12",0.02603,{"date":201,"score":54,"percentile":202},"2025-12-13",0.02587,{"date":204,"score":54,"percentile":205},"2025-12-14",0.02589,{"date":207,"score":54,"percentile":208},"2025-12-15",0.02581,{"date":210,"score":54,"percentile":211},"2025-12-16",0.02579,{"date":213,"score":54,"percentile":214},"2025-12-17",0.02595,{"date":216,"score":54,"percentile":217},"2025-12-18",0.02598,{"date":219,"score":54,"percentile":220},"2025-12-19",0.02605,{"date":222,"score":54,"percentile":223},"2025-12-20",0.02602,{"date":225,"score":54,"percentile":226},"2025-12-21",0.02609,{"date":228,"score":54,"percentile":226},"2025-12-22",{"date":230,"score":54,"percentile":231},"2025-12-23",0.02613,{"date":233,"score":54,"percentile":234},"2025-12-24",0.02615,{"date":236,"score":54,"percentile":237},"2025-12-25",0.02622,{"date":239,"score":54,"percentile":240},"2025-12-26",0.02625,{"date":242,"score":54,"percentile":231},"2025-12-27",{"date":244,"score":54,"percentile":245},"2025-12-28",0.02624,{"date":247,"score":54,"percentile":248},"2025-12-29",0.02614,{"date":250,"score":54,"percentile":251},"2025-12-30",0.02612,{"date":253,"score":54,"percentile":254},"2025-12-31",0.02599,{"date":256,"score":54,"percentile":257},"2026-01-01",0.02655,{"date":259,"score":54,"percentile":257},"2026-01-02",{"date":261,"score":54,"percentile":262},"2026-01-03",0.02652,{"date":264,"score":54,"percentile":205},"2026-01-04",{"date":266,"score":54,"percentile":267},"2026-01-05",0.02594,{"date":269,"score":54,"percentile":270},"2026-01-06",0.02586,{"date":272,"score":54,"percentile":273},"2026-01-07",0.02606,{"date":275,"score":54,"percentile":276},"2026-01-08",0.02633,{"date":278,"score":54,"percentile":279},"2026-01-09",0.02647,{"date":281,"score":54,"percentile":257},"2026-01-10",{"date":283,"score":54,"percentile":284},"2026-01-11",0.02637,{"date":286,"score":54,"percentile":267},"2026-01-12",{"date":288,"score":54,"percentile":270},"2026-01-13",{"date":290,"score":54,"percentile":291},"2026-01-14",0.02588,{"date":293,"score":54,"percentile":294},"2026-01-15",0.0258,{"date":296,"score":54,"percentile":294},"2026-01-16",{"date":298,"score":54,"percentile":299},"2026-01-17",0.02584,{"date":301,"score":54,"percentile":205},"2026-01-18",{"date":303,"score":54,"percentile":208},"2026-01-19",{"date":305,"score":54,"percentile":173},"2026-01-20",{"date":307,"score":54,"percentile":190},"2026-01-21",{"date":309,"score":54,"percentile":310},"2026-01-22",0.02557,{"date":312,"score":54,"percentile":313},"2026-01-23",0.02565,{"date":315,"score":54,"percentile":316},"2026-01-24",0.02585,{"date":318,"score":54,"percentile":208},"2026-01-25",{"date":320,"score":54,"percentile":321},"2026-01-26",0.02577,{"date":323,"score":54,"percentile":321},"2026-01-27",{"date":325,"score":54,"percentile":208},"2026-01-28",{"date":327,"score":54,"percentile":199},"2026-01-29",{"date":329,"score":54,"percentile":226},"2026-01-30",{"date":331,"score":54,"percentile":332},"2026-01-31",0.0263,{"date":334,"score":54,"percentile":335},"2026-02-01",0.02682,[337],{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":338,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":339,"vectorString":59,"impactScore":340,"exploitabilityScore":341},"HIGH",8.7,4.6,[343,366],{"ecosystem":9,"name":344,"vendor":345,"product":345,"cpe_part":346,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":347},"Linux","linux","a",[348,355,358,361,364],{"version":349,"is_range":350,"range_type":64,"version_start":351,"version_start_type":352,"version_end":353,"version_end_type":354,"fixed_in":9},">= f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9, \u003C 894681682dbefdad917b88f86cde1069140a047a",true,"f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9","including","894681682dbefdad917b88f86cde1069140a047a","excluding",{"version":356,"is_range":350,"range_type":64,"version_start":351,"version_start_type":352,"version_end":357,"version_end_type":354,"fixed_in":9},">= f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9, \u003C cb53a3366eb28fed67850c80afa52075bb71a38a","cb53a3366eb28fed67850c80afa52075bb71a38a",{"version":359,"is_range":350,"range_type":64,"version_start":351,"version_start_type":352,"version_end":360,"version_end_type":354,"fixed_in":9},">= f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9, \u003C fd524ca7fe45b8a06dca2dd546d62684a9768f95","fd524ca7fe45b8a06dca2dd546d62684a9768f95",{"version":362,"is_range":350,"range_type":64,"version_start":351,"version_start_type":352,"version_end":363,"version_end_type":354,"fixed_in":9},">= f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9, \u003C b8caf69a6946e18ffebad49847e258f5b6d52ac2","b8caf69a6946e18ffebad49847e258f5b6d52ac2",{"version":365,"is_range":52,"range_type":64,"version_start":365,"version_start_type":352,"version_end":365,"version_end_type":352,"fixed_in":9},"5.7",{"ecosystem":9,"name":367,"vendor":345,"product":368,"cpe_part":369,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":370},"linux kernel","linux_kernel","o",[371,375,379],{"version":372,"is_range":350,"range_type":373,"version_start":365,"version_start_type":352,"version_end":374,"version_end_type":354,"fixed_in":9},"gte5.7_lt5.10.165","cpe","5.10.165",{"version":376,"is_range":350,"range_type":373,"version_start":377,"version_start_type":352,"version_end":378,"version_end_type":354,"fixed_in":9},"gte5.11_lt5.15.90","5.11","5.15.90",{"version":380,"is_range":350,"range_type":373,"version_start":381,"version_start_type":352,"version_end":382,"version_end_type":354,"fixed_in":9},"gte5.16_lt6.1.8","5.16","6.1.8"]