vulnerability

Ubuntu: (CVE-2022-49163): linux vulnerability

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published
Feb 26, 2025
Added
Mar 19, 2025
Modified
Apr 16, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: fix a bug of accessing array out of bounds

When error occurs in parsing jpeg, the slot isn't acquired yet, it may
be the default value MXC_MAX_SLOTS.
If the driver access the slot using the incorrect slot number, it will
access array out of bounds.
The result is the driver will change num_domains, which follows
slot_data in struct mxc_jpeg_dev.
Then the driver won't detach the pm domain at rmmod, which will lead to
kernel panic when trying to insmod again.

Solutions

ubuntu-upgrade-linuxubuntu-upgrade-linux-awsubuntu-upgrade-linux-azureubuntu-upgrade-linux-azure-5-15ubuntu-upgrade-linux-gcpubuntu-upgrade-linux-gkeubuntu-upgrade-linux-hwe-5-15ubuntu-upgrade-linux-ibmubuntu-upgrade-linux-intel-iotgubuntu-upgrade-linux-intel-iotg-5-15ubuntu-upgrade-linux-kvmubuntu-upgrade-linux-lowlatencyubuntu-upgrade-linux-lowlatency-hwe-5-15ubuntu-upgrade-linux-oracleubuntu-upgrade-linux-raspiubuntu-upgrade-linux-realtime

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report