{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48732","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-20T11:09:39.053Z","datePublished":"2024-06-20T11:13:20.065Z","dateUpdated":"2025-05-04T08:21:56.924Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:21:56.924Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix off by one in BIOS boundary checking\n\nBounds checking when parsing init scripts embedded in the BIOS reject\naccess to the last byte. This causes driver initialization to fail on\nApple eMac's with GeForce 2 MX GPUs, leaving the system with no working\nconsole.\n\nThis is probably only seen on OpenFirmware machines like PowerPC Macs\nbecause the BIOS image provided by OF is only the used parts of the ROM,\nnot a power-of-two blocks read from PCI directly so PCs always have\nempty bytes at the end that are never accessed."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c"],"versions":[{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"d4b746e60fd8eaa8016e144223abe91158edcdad","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"b2a21669ee98aafc41c6d42ef15af4dab9e6e882","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"acc887ba88333f5fec49631f12d8cc7ebd95781c","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"f071d9fa857582d7bd77f4906691f73d3edeab73","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"d877e814a62b7de9069aeff8bc1d979dfc996e06","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"e7c36fa8a1e63b08312162179c78a0c7795ea369","status":"affected","versionType":"git"},{"version":"4d4e9907ff572bb1d1c0f6913ad6e3d6d4525077","lessThan":"1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"4.9.300","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.265","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.228","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.178","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.99","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.22","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.8","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.9.300"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.14.265"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.19.228"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.4.178"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.16.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad"},{"url":"https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2"},{"url":"https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882"},{"url":"https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c"},{"url":"https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73"},{"url":"https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06"},{"url":"https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369"},{"url":"https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a"}],"title":"drm/nouveau: fix off by one in BIOS boundary checking","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:25:00.118Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/d4b746e60fd8eaa8016e144223abe91158edcdad","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/909d3ec1bf9f0ec534bfc081b77c0836fea7b0e2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b2a21669ee98aafc41c6d42ef15af4dab9e6e882","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/acc887ba88333f5fec49631f12d8cc7ebd95781c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f071d9fa857582d7bd77f4906691f73d3edeab73","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d877e814a62b7de9069aeff8bc1d979dfc996e06","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e7c36fa8a1e63b08312162179c78a0c7795ea369","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48732","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:10:57.349463Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:48.977Z"}}]}}