Vulnerability-Lookup

CVE-2022-49267 (GCVE-0-2022-49267)

Vulnerability from cvelistv5 – Published: 2025-02-26 01:56 – Updated: 2026-01-19 12:17

Title

mmc: core: use sysfs_emit() instead of sprintf()

Summary

In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CVE-2022-49267

Vulnerability from fstec - Published: 28.02.2022

Title

Уязвимость функции type_show() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции type_show() ядра операционной системы Linux связана с копированием буфера без проверки размера входных данных (классическое переполнение буфера). Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, Red Hat Inc.

Software Name

Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Linux

Software Version

16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), от 5.17 до 5.17.1 включительно (Linux), от 2.6.12 до 5.16.18 включительно (Linux), 13 (Debian GNU/Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef https://lore.kernel.org/linux-cve-announce/2025022629-CVE-2022-49267-b3ac@gregkh/ https://git.kernel.org/linus/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2022-49267 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2022-49267 Для Ubuntu: https://ubuntu.com/security/CVE-2022-49267

Reference

https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef https://www.cve.org/CVERecord?id=CVE-2022-49267 https://lore.kernel.org/linux-cve-announce/2025022629-CVE-2022-49267-b3ac@gregkh/ https://git.kernel.org/linus/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.19 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2 https://access.redhat.com/security/cve/cve-2022-49267 https://security-tracker.debian.org/tracker/CVE-2022-49267 https://ubuntu.com/security/CVE-2022-49267

CWE

CWE-120

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Red Hat Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), \u043e\u0442 5.17 \u0434\u043e 5.17.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 2.6.12 \u0434\u043e 5.16.18 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 13 (Debian GNU/Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063\nhttps://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef\nhttps://lore.kernel.org/linux-cve-announce/2025022629-CVE-2022-49267-b3ac@gregkh/\nhttps://git.kernel.org/linus/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2022-49267\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-49267\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2022-49267",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.02.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.02.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01494",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-49267",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.17 \u0434\u043e 5.17.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.12 \u0434\u043e 5.16.18 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 13 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 type_show() \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 type_show() \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063\nhttps://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef\nhttps://www.cve.org/CVERecord?id=CVE-2022-49267\nhttps://lore.kernel.org/linux-cve-announce/2025022629-CVE-2022-49267-b3ac@gregkh/\nhttps://git.kernel.org/linus/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.19\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2\nhttps://access.redhat.com/security/cve/cve-2022-49267\nhttps://security-tracker.debian.org/tracker/CVE-2022-49267\nhttps://ubuntu.com/security/CVE-2022-49267",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

FKIE_CVE-2022-49267

Vulnerability from fkie_nvd - Published: 2025-02-26 07:01 - Updated: 2026-01-19 13:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0f55ac683b2722714016f16daae9cab3f7f7b9f9
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11	Patch

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F5AF68-F1E7-4C3F-8521-ECDD471EAC43",
              "versionEndExcluding": "5.16.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF",
              "versionEndExcluding": "5.17.2",
              "versionStartIncluding": "5.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: use sysfs_emit() instead of sprintf()\n\nsprintf() (still used in the MMC core for the sysfs output) is vulnerable\nto the buffer overflow.  Use the new-fangled sysfs_emit() instead.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool."
    },
    {
      "lang": "es",
      "value": "En el n\u00facleo de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: core: use sysfs_emit() en lugar de sprintf() sprintf() (que todav\u00eda se usa en el n\u00facleo de MMC para la salida de sysfs) es vulnerable al desbordamiento del b\u00fafer. Use el nuevo sysfs_emit() en su lugar. Encontrado por Linux Verification Center (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE."
    }
  ],
  "id": "CVE-2022-49267",
  "lastModified": "2026-01-19T13:16:05.963",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-26T07:01:03.620",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0f55ac683b2722714016f16daae9cab3f7f7b9f9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WH2C-4C72-P6W9

Vulnerability from github – Published: 2025-10-21 12:31 – Updated: 2026-01-19 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

mmc: core: use sysfs_emit() instead of sprintf()

sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead.

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:03Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: use sysfs_emit() instead of sprintf()\n\nsprintf() (still used in the MMC core for the sysfs output) is vulnerable\nto the buffer overflow.  Use the new-fangled sysfs_emit() instead.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.",
  "id": "GHSA-wh2c-4c72-p6w9",
  "modified": "2026-01-19T15:30:32Z",
  "published": "2025-10-21T12:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49267"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f55ac683b2722714016f16daae9cab3f7f7b9f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4ab65738ab3e21fe519ee46b2051222bc8e32ef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5d8a5fe77ce933f53eb8f2e22bb7a1a2019ea11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0920

Vulnerability from certfr_avis - Published: 2025-10-24 - Updated: 2025-10-24

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 mysql 8.0.43-1
Microsoft	N/A	azl3 unbound 1.19.1-4
Microsoft	N/A	azl3 mysql versions antérieures à 8.0.44-1
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	azl3 lz4 1.9.4-1
Microsoft	N/A	azl3 squid versions antérieures à 6.13-3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2022-49267	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62168	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49306	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49610	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11411	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53069	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53062	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49562	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49469	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49333	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49504	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53042	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53045	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53054	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49635	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53040	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57888	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49552	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53053	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49420	2025-10-22	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-53044	2025-10-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62813	2025-10-24	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-57899	2025-10-19	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38564	2025-10-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 mysql 8.0.43-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 unbound 1.19.1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 mysql versions ant\u00e9rieures \u00e0 8.0.44-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 lz4 1.9.4-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 squid versions ant\u00e9rieures \u00e0 6.13-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-62168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
    },
    {
      "name": "CVE-2025-53042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
    },
    {
      "name": "CVE-2025-53062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
    },
    {
      "name": "CVE-2022-49610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49610"
    },
    {
      "name": "CVE-2022-49469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49469"
    },
    {
      "name": "CVE-2024-57888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57888"
    },
    {
      "name": "CVE-2022-49333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49333"
    },
    {
      "name": "CVE-2022-49562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
    },
    {
      "name": "CVE-2022-49306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49306"
    },
    {
      "name": "CVE-2025-62813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
    },
    {
      "name": "CVE-2025-53069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
    },
    {
      "name": "CVE-2025-53044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
    },
    {
      "name": "CVE-2022-49504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
    },
    {
      "name": "CVE-2022-49420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49420"
    },
    {
      "name": "CVE-2022-49635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49635"
    },
    {
      "name": "CVE-2024-57899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57899"
    },
    {
      "name": "CVE-2025-53054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
    },
    {
      "name": "CVE-2024-38564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
    },
    {
      "name": "CVE-2025-53040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
    },
    {
      "name": "CVE-2022-49552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49552"
    },
    {
      "name": "CVE-2025-53045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
    },
    {
      "name": "CVE-2025-53053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
    },
    {
      "name": "CVE-2022-49267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49267"
    },
    {
      "name": "CVE-2025-11411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11411"
    }
  ],
  "initial_release_date": "2025-10-24T00:00:00",
  "last_revision_date": "2025-10-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0920",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49267"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62168"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49306",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49306"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49610",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49610"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11411",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11411"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53069"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53062",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53062"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49562",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49562"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49469",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49469"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49333",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49333"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49504",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49504"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53042",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53042"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53045",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53045"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53054",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53054"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49635",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49635"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53040"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57888",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57888"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49552"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53053"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49420",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49420"
    },
    {
      "published_at": "2025-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-53044",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53044"
    },
    {
      "published_at": "2025-10-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62813",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62813"
    },
    {
      "published_at": "2025-10-19",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-57899",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57899"
    },
    {
      "published_at": "2025-10-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38564",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38564"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-49267 (GCVE-0-2022-49267)

CVE-2022-49267

FKIE_CVE-2022-49267

GHSA-WH2C-4C72-P6W9

CERTFR-2025-AVI-0920

Solutions

Tags

Sightings

Nomenclature