In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then.
BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
[ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5b681822cac1f8093759b02e16c06b2c64b6788", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-0110d3da" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3f15609ffa521de12244cd6af24002030dda3f5", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-107e2bb0" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3f15609ffa521de12244cd6af24002030dda3f5", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "267746912690900928691810240055705790555", "length": 3410.0 }, "id": "CVE-2022-49145-18717d7e" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b80b19b32a432c9eee1cd200ef7aaddf608f54d1", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "171254729283079422775967825881125144459", "length": 3521.0 }, "id": "CVE-2022-49145-21912137" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d208ea44e25b31db5a4d5e8c31df51787a3e9303", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-4254b5a7" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28d5387c1994f5e1e0d41b30a1f3dd6e1f609252", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-64a7ca90" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb249f8c00f40dba83b7da8207ac14ca46e9ec9e", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "59336891479928016738521326896136021591", "length": 3507.0 }, "id": "CVE-2022-49145-72794ecb" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7339f2a3938fb56b5f28d53f5345900b5fa0e74", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "158748885894115168249724138496007778674", "length": 3885.0 }, "id": "CVE-2022-49145-7e81e644" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40d8abf364bcab23bc715a9221a3c8623956257b", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "276629303780252714162231998404714291578", "length": 3936.0 }, "id": "CVE-2022-49145-85cdddf4" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb249f8c00f40dba83b7da8207ac14ca46e9ec9e", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-9446aba0" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@40d8abf364bcab23bc715a9221a3c8623956257b", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-9e036881" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@97b5593fd1b182b3fdb180b6bbe64ec09669988b", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-b274f11f" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7339f2a3938fb56b5f28d53f5345900b5fa0e74", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-bbc19958" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28d5387c1994f5e1e0d41b30a1f3dd6e1f609252", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "59336891479928016738521326896136021591", "length": 3507.0 }, "id": "CVE-2022-49145-bf159282" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@97b5593fd1b182b3fdb180b6bbe64ec09669988b", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "171254729283079422775967825881125144459", "length": 3521.0 }, "id": "CVE-2022-49145-dd2fef0e" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5b681822cac1f8093759b02e16c06b2c64b6788", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "59336891479928016738521326896136021591", "length": 3507.0 }, "id": "CVE-2022-49145-e407d2e3" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b80b19b32a432c9eee1cd200ef7aaddf608f54d1", "target": { "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Line", "deprecated": false, "signature_version": "v1", "digest": { "line_hashes": [ "39531045089122413197755785255312317761", "86260078518229049008831380311699420152", "85306865333087319978433337057947731236", "222614106338825733257229218286981541962" ], "threshold": 0.9 }, "id": "CVE-2022-49145-f16e9095" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d208ea44e25b31db5a4d5e8c31df51787a3e9303", "target": { "function": "acpi_cppc_processor_probe", "file": "drivers/acpi/cppc_acpi.c" }, "signature_type": "Function", "deprecated": false, "signature_version": "v1", "digest": { "function_hash": "177653928190790181746323576851987545847", "length": 3459.0 }, "id": "CVE-2022-49145-ff335aa1" } ]