SB20250226348 - Out-of-bounds read in Linux kernel platform imx-jpeg driver
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226348
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2022-49163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mxc_jpeg_device_run() function in drivers/media/platform/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747
- https://git.kernel.org/stable/c/20c8b90430c5d6c4a3936eaa7c35aac670581487
- https://git.kernel.org/stable/c/97558d170a1236280407e8d29a7d095d2c2ed554
- https://git.kernel.org/stable/c/e209e6db2e527db6a93b14c2deedf969caca78fc
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2