CVE-2022-49031

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: health: afe4403: Fix oob read in afe4403_read_raw<br /> <br /> KASAN report out-of-bounds read as follows:<br /> <br /> BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0<br /> Read of size 4 at addr ffffffffc02ac638 by task cat/279<br /> <br /> Call Trace:<br /> afe4403_read_raw<br /> iio_read_channel_info<br /> dev_attr_show<br /> <br /> The buggy address belongs to the variable:<br /> afe4403_channel_leds+0x18/0xffffffffffffe9e0<br /> <br /> This issue can be reproduced by singe command:<br /> <br /> $ cat /sys/bus/spi/devices/spi0.0/iio\:device0/in_intensity6_raw<br /> <br /> The array size of afe4403_channel_leds is less than channels, so access<br /> with chan-&gt;address cause OOB read in afe4403_read_raw. Fix it by moving<br /> access before use it.