How severe is CVE-2022-48987?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-48987?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2022-48987 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2_bt_timings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that userspace would correctly fill in the front porch, backporch and sync values, but sometimes all you know is the total blanking, which is then assigned to just one of these fields. And that can fail with these checks. So instead set a maximum for the total horizontal and vertical blanking and check that each field remains below that. That is still sufficient to avoid integer overflows, but it also allows for more flexibility in how userspace fills in these fields.

Related Vulnerabilities

CVE-2011-4097

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termin...

CWE-1902011

CVE-2012-0038

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, l...

CWE-1902012

CVE-2015-1526

MEDIUM

CVSS:5.5(Medium)

The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.

CWE-1902015

CVE-2015-4645

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which tri...

CWE-1902015

CVE-2015-8933

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted...

CWE-1902015

CVE-2016-3712

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

CWE-1902016