CVE-2022-49478
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in __flush_work.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d855497edbfbf9e19a17f4a1154bca69cb4bd9ba - < 4351bfe36aba9fa7dc9d68d498d25d41a0f45e67affected d855497edbfbf9e19a17f4a1154bca69cb4bd9ba - < 2e004fe914b243db41fa96f9e583385f360ea58eaffected d855497edbfbf9e19a17f4a1154bca69cb4bd9ba - < a3660e06675bccec4bf149c7229ea1d491ba10d7affected d855497edbfbf9e19a17f4a1154bca69cb4bd9ba - < 1310fc3538dcc375a2f46ef0a438512c2ca32827affected d855497edbfbf9e19a17f4a1154bca69cb4bd9ba - < a3304766d9384886e6d3092c776273526947a2e9+4 more versions |
Linux | Linux | affected 2.6.18unaffected 0 - < 2.6.18unaffected 4.9.318 - <= 4.9.*unaffected 4.14.283 - <= 4.14.*unaffected 4.19.247 - <= 4.19.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now