github - ghsa-m29f-9jrm-j49w

ghsa-m29f-9jrm-j49w

Vulnerability from github

Published

2025-06-18 12:30

Modified

2025-11-13 21:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: avs: Fix potential buffer overflow by snprintf()

snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow (although it's unrealistic).

This patch replaces it with a safer version, scnprintf() for papering over such a potential issue.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-50052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:33Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in a buffer\noverflow (although it\u0027s unrealistic).\n\nThis patch replaces it with a safer version, scnprintf() for papering\nover such a potential issue.",
  "id": "GHSA-m29f-9jrm-j49w",
  "modified": "2025-11-13T21:31:18Z",
  "published": "2025-06-18T12:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50052"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/840311a09f75632b9d41fbc1cd5c7aea94ce5f7e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-50052 (GCVE-0-2022-50052)

Vulnerability from cvelistv5

Published

2025-06-18 11:01

Modified

2025-06-18 11:01

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow (although it's unrealistic). This patch replaces it with a safer version, scnprintf() for papering over such a potential issue.

References

URL

Tags

	https://git.kernel.org/stable/c/840311a09f75632b9d41fbc1cd5c7aea94ce5f7e
	https://git.kernel.org/stable/c/ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00

Impacted products

Vendor

Product

Version

Version: f1b3b320bd6519b16e3480f74f2926d106e3bcba
Version: f1b3b320bd6519b16e3480f74f2926d106e3bcba

Version: 5.19

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/intel/avs/pcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "840311a09f75632b9d41fbc1cd5c7aea94ce5f7e",
              "status": "affected",
              "version": "f1b3b320bd6519b16e3480f74f2926d106e3bcba",
              "versionType": "git"
            },
            {
              "lessThan": "ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00",
              "status": "affected",
              "version": "f1b3b320bd6519b16e3480f74f2926d106e3bcba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/intel/avs/pcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.4",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Fix potential buffer overflow by snprintf()\n\nsnprintf() returns the would-be-filled size when the string overflows\nthe given buffer size, hence using this value may result in a buffer\noverflow (although it\u0027s unrealistic).\n\nThis patch replaces it with a safer version, scnprintf() for papering\nover such a potential issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T11:01:52.478Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/840311a09f75632b9d41fbc1cd5c7aea94ce5f7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00"
        }
      ],
      "title": "ASoC: Intel: avs: Fix potential buffer overflow by snprintf()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50052",
    "datePublished": "2025-06-18T11:01:52.478Z",
    "dateReserved": "2025-06-18T10:57:27.402Z",
    "dateUpdated": "2025-06-18T11:01:52.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.