In the Linux kernel, the following vulnerability has been resolved:
of: fdt: fix off-by-one error in unflatten_dt_nodes()
Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")
forgot to fix up the depth check in the loop body in unflatten_dt_nodes()
which makes it possible to overflow the nps[] buffer...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-03T14:51:18.085Z
Updated: 2024-08-03T15:17:55.720Z
Reserved: 2024-02-25T13:44:28.321Z
Link: CVE-2022-48672
Vulnrichment
Updated: 2024-06-12T15:31:52.326Z
NVD
Status : Analyzed
Published: 2024-05-03T15:15:07.480
Modified: 2024-05-23T20:26:40.327
Link: CVE-2022-48672
Redhat