CVE-2022-49946
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's Raspberry Pi clock driver. The function raspberrypi_discover_clocks() uses a while loop that assumes the last clock element's ID is zero. However, since this data comes from the Videocore firmware, which does not guarantee this behavior, the loop can access memory out-of-bounds. The fix involves adding a sentinel element to prevent such out-of-bounds access.
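A user-space model of the loop described above, added here as an illustration and not taken from the kernel driver. The struct layout, `NUM_CLK_ID` and the constructed firmware reply are assumptions. It shows that when the firmware fills every slot there is no zero ID inside the allocation, and that one extra zeroed element the firmware never writes restores the terminator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NUM_CLK_ID 4   /* assumed table size, not the driver's value */

/* Hypothetical entry layout; only the id field matters for the loop. */
struct clk_entry { uint32_t parent; uint32_t id; };

/* Constructed firmware reply: every slot is used, so no entry has id == 0. */
static void fake_firmware_fill(struct clk_entry *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        buf[i].id = (uint32_t)(i + 1);
}

/* Bounded stand-in for `while (clks->id)`: returns the number of clocks
 * before the first id == 0, or -1 if no terminator exists inside the
 * allocation (the case where the unbounded loop would read past the end). */
static long walk_clocks(const struct clk_entry *buf, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (buf[i].id == 0)
            return (long)i;
    return -1;
}

/* Allocate NUM_CLK_ID + extra zeroed entries, let the firmware fill only
 * the first NUM_CLK_ID, then walk the table.
 * extra == 0 models the pre-fix allocation, extra == 1 the sentinel fix. */
long discover(size_t extra)
{
    struct clk_entry *buf = calloc(NUM_CLK_ID + extra, sizeof(*buf));
    if (!buf)
        return -2;
    fake_firmware_fill(buf, NUM_CLK_ID);
    long n = walk_clocks(buf, NUM_CLK_ID + extra);
    free(buf);
    return n;
}

int main(void)
{
    printf("without sentinel: %ld\n", discover(0));
    printf("with sentinel:    %ld\n", discover(1));
    return 0;
}
```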
How can this vulnerability impact me?
The out-of-bounds access caused by this vulnerability could potentially lead to memory corruption or crashes in the Linux kernel on Raspberry Pi devices. This could affect system stability or security, depending on how the corrupted memory is used.