
CVE-2022-49478 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init

Syzbot reported that -1 is used as array index. The problem was in missing validation check.

hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that.

hdw->workpoll initialization moved upper to prevent warning in __flush_work.
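A minimal user-space model of the bug class described above, added here as an illustration and not taken from the kernel source or the linked patches: `hdw_claim_unit`, `hdw_ir_mode`, `NUM_UNITS` and the table contents are hypothetical. It shows the -1 sentinel surviving a failed table walk and a range check at the point of use that keeps it from becoming an array index.

```c
#include <stdio.h>
#include <string.h>

#define NUM_UNITS 4   /* hypothetical table size */

struct hdw { int unit_number; };

static struct hdw *unit_table[NUM_UNITS];            /* slots claimed at init */
static const int ir_mode[NUM_UNITS] = {1, 1, 0, 1};  /* constructed per-unit option */

static void units_reset(void) { memset(unit_table, 0, sizeof unit_table); }

/* Table walk: unit_number starts at -1 and stays -1 if no slot is free. */
static void hdw_claim_unit(struct hdw *h)
{
    h->unit_number = -1;
    for (int i = 0; i < NUM_UNITS; i++) {
        if (!unit_table[i]) {
            unit_table[i] = h;
            h->unit_number = i;
            break;
        }
    }
}

/* Per-unit lookup with the sanity check: 0 and *out on success, -1 on a bad index. */
static int hdw_ir_mode(const struct hdw *h, int *out)
{
    if (h->unit_number < 0 || h->unit_number >= NUM_UNITS)
        return -1;   /* without this check the next line reads ir_mode[-1] */
    *out = ir_mode[h->unit_number];
    return 0;
}

int main(void)
{
    struct hdw dev[NUM_UNITS + 1];
    int mode = 0;

    units_reset();
    for (int i = 0; i <= NUM_UNITS; i++)   /* one device more than there are slots */
        hdw_claim_unit(&dev[i]);
    for (int i = 0; i <= NUM_UNITS; i++) {
        if (hdw_ir_mode(&dev[i], &mode) == 0)
            printf("dev %d: unit %d, ir_mode %d\n", i, dev[i].unit_number, mode);
        else
            printf("dev %d: unit %d rejected\n", i, dev[i].unit_number);
    }
    return 0;
}
```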


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
N/A (NVD assessment not yet provided.)

References to Advisories, Solutions, and Tools


Hyperlink Resource
https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827 Patch 
https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e Patch 
https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e Patch 
https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a Patch 
https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67 Patch 
https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059 Patch 
https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9 Patch 
https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7 Patch 
https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511 Patch 

Weakness Enumeration

CWE-ID: CWE-129
CWE Name: Improper Validation of Array Index
Source: NIST


Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2022-49478
NVD Published Date: 02/26/2025
NVD Last Modified: 03/17/2025
Source: kernel.org