CVE-2022-49507
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
17/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
regulator: da9121: Fix uninit-value in da9121_assign_chip_model()<br />
<br />
KASAN report slab-out-of-bounds in __regmap_init as follows:<br />
<br />
BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841<br />
Read of size 1 at addr ffff88803678cdf1 by task xrun/9137<br />
<br />
CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2<br />
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014<br />
Call Trace:<br />
<br />
dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88<br />
print_report.cold+0xcd/0x69b mm/kasan/report.c:313<br />
kasan_report+0x8e/0xc0 mm/kasan/report.c:491<br />
__regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841<br />
__devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266<br />
__devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394<br />
da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039<br />
i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563<br />
<br />
This happend when da9121 device is probe by da9121_i2c_id, but with<br />
invalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later<br />
da9121_assign_chip_model() will access &#39;regmap&#39; without init it.<br />
<br />
Fix it by return -EINVAL from da9121_assign_chip_model() if<br />
&#39;chip->subvariant_id&#39; is invalid.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.46 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.17.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 5.18.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page