{"id":"CVE-2022-48655","summary":"firmware: arm_scmi: Harden accesses to the reset domains","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Harden accesses to the reset domains\n\nAccessing reset domains descriptors by the index upon the SCMI drivers\nrequests through the SCMI reset operations interface can potentially\nlead to out-of-bound violations if the SCMI driver misbehave.\n\nAdd an internal consistency check before any such domains descriptors\naccesses.","modified":"2026-04-11T12:41:16.369856Z","published":"2024-04-28T13:01:00.822Z","related":["SUSE-SU-2024:1641-1","SUSE-SU-2024:1644-1","SUSE-SU-2024:1647-1","SUSE-SU-2024:1659-1","SUSE-SU-2024:1663-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48655.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48655.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48655"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240912-0008/"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5"},{"fixed":"7184491fc515f391afba23d0e9b690caaea72daf"},{"fixed":"f2277d9e2a0d092c13bae7ee82d75432bb8b5108"},{"fixed":"1f08a1b26cfc53b7715abc46857c6023bb1b87de"},{"fixed":"8e65edf0d37698f7a6cb174608d3ec7976baf49e"},{"fixed":"e9076ffbcaed5da6c182b144ef9f6e24554af268"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48655.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.4.0"},{"fixed":"5.4.277"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.218"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.71"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48655.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}