Bug 2335291 (CVE-2022-49035)

Summary:	CVE-2022-49035 kernel: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	dfreiber, drow, jburrell, vkumar
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-01-02 15:05:38 UTC

In the Linux kernel, the following vulnerability has been resolved:

media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE

I expect that the hardware will have limited this to 16, but just in
case it hasn't, check for this corner case.

Comment 1 Marco Benatto 2025-01-02 22:00:08 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025010208-CVE-2022-49035-5a59@gregkh/T

Comment 2 James Dean 2025-04-23 04:17:04 UTC Comment hidden (spam)

(In reply to Marco Benatto from comment #1)
> Upstream advisory:
> https://lore.kernel.org/linux-cve-announce/2025010208-CVE-2022-49035-5a59@gregkh/T https://slope3.com

Thanks for sharing!