{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T09:08:22.848","vulnerabilities":[{"cve":{"id":"CVE-2022-48806","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-07-16T12:15:04.980","lastModified":"2025-10-03T14:17:44.187","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\neeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX\n\nCommit effa453168a7 (\"i2c: i801: Don't silently correct invalid transfer\nsize\") revealed that ee1004_eeprom_read() did not properly limit how\nmany bytes to read at once.\n\nIn particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the\nlength to read as an u8.  If count == 256 after taking into account the\noffset and page boundary, the cast to u8 overflows.  And this is common\nwhen user space tries to read the entire EEPROM at once.\n\nTo fix it, limit each read to I2C_SMBUS_BLOCK_MAX (32) bytes, already\nthe maximum length i2c_smbus_read_i2c_block_data_or_emulated() allows."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: eeprom: ee1004: limitar las lecturas de i2c a I2C_SMBUS_BLOCK_MAX El commit effa453168a7 (\"i2c: i801: No corrija silenciosamente el tamaño de transferencia no válido\") reveló que ee1004_eeprom_read() no limitaba adecuadamente cuántas bytes para leer a la vez. En particular, i2c_smbus_read_i2c_block_data_or_emulated() toma la longitud para leer como u8. Si el recuento == 256 después de tener en cuenta el desplazamiento y el límite de la página, la conversión a u8 se desborda. Y esto es común cuando el espacio del usuario intenta leer toda la EEPROM a la vez. Para solucionarlo, limite cada lectura a I2C_SMBUS_BLOCK_MAX (32) bytes, ya que la longitud máxima que permite i2c_smbus_read_i2c_block_data_or_emulated()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.300","versionEndExcluding":"4.5","matchCriteriaId":"07952C87-5E8A-4663-B124-D75AF0A9D8BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.298","versionEndExcluding":"4.10","matchCriteriaId":"7954206F-4F34-46C3-915F-B07302465DA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.263","versionEndExcluding":"4.15","matchCriteriaId":"CFC94B29-7464-440D-9209-C9654BD88E2D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.226","versionEndExcluding":"4.20","matchCriteriaId":"17B749FF-B446-4D6A-9561-AFF6545BC575"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.174","versionEndExcluding":"5.4.180","matchCriteriaId":"A45CB2BE-42A7-4A97-8E58-88803B7D42A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.94","versionEndExcluding":"5.10.101","matchCriteriaId":"6102D993-F8C0-453E-9EAF-31D9117BCE28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.15.24","matchCriteriaId":"D81CA98A-70BB-4A63-AE8B-E0588EBBED9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3","versionEndExcluding":"5.16.10","matchCriteriaId":"66D5076B-0A1A-47F4-ACA4-79906399DA2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*","matchCriteriaId":"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*","matchCriteriaId":"E6E34B23-78B4-4516-9BD8-61B33F4AC49A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*","matchCriteriaId":"C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}