How severe is CVE-2022-48630?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-48630?

This is classified as CWE-835, which is a common weakness in software security.

CVE-2022-48630 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ The commit referenced in the Fixes tag removed the 'break' from the else branch in qcom_rng_read(), causing an infinite loop whenever 'max' is not a multiple of WORD_SZ. This can be reproduced e.g. by running: kcapi-rng -b 67 >/dev/null There are many ways to fix this without adding back the 'break', but they all seem more awkward than simply adding it back, so do just that. Tested on a machine with Qualcomm Amberwing processor.

Related Vulnerabilities

CVE-2010-0207

MEDIUM

CVSS:5.5(Medium)

In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.

CWE-8352010

CVE-2011-4621

MEDIUM

CVSS:5.5(Medium)

The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes cod...

CWE-8352011

CVE-2012-0248

MEDIUM

CVSS:5.5(Medium)

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the ID...

CWE-8352012

CVE-2012-1186

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in t...

CWE-8352012

CVE-2014-0148

MEDIUM

CVSS:5.5(Medium)

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_se...

CWE-8352014

CVE-2015-10103

MEDIUM

CVSS:5.5(Medium)

A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setFo...

CWE-8352015