Strix
26.1K

CVE-2022-48732

HIGHCVSS 7.8/10EPSS 0.24%

Last modified

CVE-2022-48732 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.24%

14.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LinuxLinux Kernel>= 4.8, < 4.9.300
LinuxLinux Kernel>= 4.10, < 4.14.265
LinuxLinux Kernel>= 4.15, < 4.19.228
LinuxLinux Kernel>= 4.20, < 5.4.178
LinuxLinux Kernel>= 5.5, < 5.10.99
LinuxLinux Kernel>= 5.11, < 5.15.22
LinuxLinux Kernel>= 5.16, < 5.16.8

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-48732?
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed.
How severe is CVE-2022-48732?
CVE-2022-48732 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2022-48732?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-48732?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST