How severe is CVE-2022-48804?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-48804?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2022-48804 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam.

Related Vulnerabilities

CVE-2015-1208

MEDIUM

CVSS:5.5(Medium)

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 f...

CWE-1912015

CVE-2017-13666

MEDIUM

CVSS:5.5(Medium)

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can ...

CWE-1912017

CVE-2017-15874

MEDIUM

CVSS:5.5(Medium)

archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.

CWE-1912017

CVE-2017-8906

MEDIUM

CVSS:5.5(Medium)

An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and oth...

CWE-1912017

CVE-2018-5865

MEDIUM

CVSS:5.5(Medium)

While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an i...

CWE-1912018

CVE-2019-1628

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condit...

CWE-1912019