{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48738", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.054Z", "datePublished": "2024-06-20T11:13:24.032Z", "dateUpdated": "2024-11-04T12:15:31.982Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:15:31.982Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Reject out of bounds values in snd_soc_put_volsw()\n\nWe don't currently validate that the values being set are within the range\nwe advertised to userspace as being valid, do so and reject any values\nthat are out of range."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/soc-ops.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "40f598698129", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "586ef863c943", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "65a61b1f56f5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "68fd71872428", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a9394f21fba0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "9e8895f1b3d4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bb72d2dda855", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "817f7c9335ec", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/soc-ops.c"], "versions": [{"version": "4.9.300", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.265", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.228", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.178", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.99", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.22", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.8", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d"}, {"url": "https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7"}, {"url": "https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf"}, {"url": "https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7"}, {"url": "https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a"}, {"url": "https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830"}, {"url": "https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d"}, {"url": "https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0"}], "title": "ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:00.470Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48738", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:10:47.744105Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:48.650Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:00.470Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48738", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:10:47.744105Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.046Z"}}], "cna": {"title": "ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "40f598698129", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "586ef863c943", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "65a61b1f56f5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "68fd71872428", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a9394f21fba0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "9e8895f1b3d4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bb72d2dda855", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "817f7c9335ec", "versionType": "git"}], "programFiles": ["sound/soc/soc-ops.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.9.300", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.265", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.228", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.178", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.99", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.22", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.8", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/soc-ops.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d"}, {"url": "https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7"}, {"url": "https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf"}, {"url": "https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7"}, {"url": "https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a"}, {"url": "https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830"}, {"url": "https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d"}, {"url": "https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Reject out of bounds values in snd_soc_put_volsw()\n\nWe don't currently validate that the values being set are within the range\nwe advertised to userspace as being valid, do so and reject any values\nthat are out of range."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:15:31.982Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48738", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:15:31.982Z", "dateReserved": "2024-06-20T11:09:39.054Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-20T11:13:24.032Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Reject out of bounds values in snd_soc_put_volsw()\n\nWe don't currently validate that the values being set are within the range\nwe advertised to userspace as being valid, do so and reject any values\nthat are out of range."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: ops: Rechazar valores fuera de los l\u00edmites en snd_soc_put_volsw() Actualmente no validamos que los valores que se establecen est\u00e9n dentro del rango que anunciamos en el espacio de usuario como v\u00e1lidos, h\u00e1galo y rechazar cualquier valor que est\u00e9 fuera de rango."}], "id": "CVE-2022-48738", "lastModified": "2024-06-20T12:43:25.663", "metrics": {}, "published": "2024-06-20T12:15:12.150", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/586ef863c94354a7e00e5ae5ef01443d1dc99bc7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65a61b1f56f5386486757930069fbdce94af08bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/68fd718724284788fc5f379e0b7cac541429ece7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9e8895f1b3d4433f6d78aa6578e9db61ca6e6830"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a9394f21fba027147bf275b083c77955864c366a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bb72d2dda85564c66d909108ea6903937a41679d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()", "id": "2293321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293321"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: ops: Reject out of bounds values in snd_soc_put_volsw()\nWe don't currently validate that the values being set are within the range\nwe advertised to userspace as being valid, do so and reject any values\nthat are out of range."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48738", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48738\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48738\nhttps://lore.kernel.org/linux-cve-announce/2024062001-CVE-2022-48738-ecf0@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.9.300, kernel 4.14.265, kernel 4.19.228, kernel 5.4.178, kernel 5.10.99, kernel 5.15.22, kernel 5.16.8, kernel 5.17"}