CVE-2022-49946
HIGH EPSS 8.9%
Published Jun 18, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
7.1 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

clk: bcm: rpi: Prevent out-of-bounds access

The while loop in raspberrypi_discover_clocks() relies on the assumption that the id of the last clock element is zero. Because this data comes from the Videocore firmware and it doesn't guarantee such a behavior, this could lead to out-of-bounds access. So fix this by providing a sentinel element.
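A userspace model of the pattern described above, added here as an illustration and not taken from the kernel driver: a loop that stops at `id == 0` over a firmware-filled buffer, with and without a driver-owned sentinel. The names `clk_entry`, `fake_firmware_fill`, `walk_clocks`, `discover` and the value of `NUM_CLK_ID` are assumptions, and allocating one extra zeroed element is one way to provide the sentinel.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NUM_CLK_ID 15 /* constructed value: number of slots the firmware may fill */

struct clk_entry { uint32_t parent; uint32_t id; };

/* Constructed stand-in for the firmware reply: every slot gets a nonzero id,
 * so the data itself carries no zero terminator. */
static void fake_firmware_fill(struct clk_entry *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i] = (struct clk_entry){ .parent = 0, .id = (uint32_t)(i + 1) };
}

/* Walk as the driver loop does (stop at id == 0). The cap check exists only so
 * this model can report, instead of perform, the out-of-bounds read.
 * Returns the number of clocks found, or -1 if no terminator was inside the buffer. */
static int walk_clocks(const struct clk_entry *clks, size_t cap)
{
    size_t i = 0;
    while (i < cap && clks[i].id)
        i++;
    return i == cap ? -1 : (int)i;
}

/* Allocate alloc_slots zeroed entries, let the firmware fill NUM_CLK_ID of them, walk. */
int discover(size_t alloc_slots)
{
    struct clk_entry *clks = calloc(alloc_slots, sizeof(*clks));
    if (!clks)
        return -2;
    fake_firmware_fill(clks, NUM_CLK_ID);
    int found = walk_clocks(clks, alloc_slots);
    free(clks);
    return found;
}

int main(void)
{
    /* Before: termination depends on firmware data. After: the driver owns the sentinel. */
    printf("no sentinel:   %d\n", discover(NUM_CLK_ID));
    printf("with sentinel: %d\n", discover(NUM_CLK_ID + 1));
    return 0;
}
```

A result of -1 marks the case where an unguarded `while (clks->id)` loop would have read past the allocation.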
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
8.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 6
References 4
- git.kernel.org https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d
- git.kernel.org https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4
- git.kernel.org https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34
- git.kernel.org https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2
Remediation
- git.kernel.org https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d
- git.kernel.org https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4
- git.kernel.org https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34
- git.kernel.org https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2