CVE-2022-48803

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> phy: ti: Fix missing sentinel for clk_div_table<br /> <br /> _get_table_maxdiv() tries to access "clk_div_table" array out of bound<br /> defined in phy-j721e-wiz.c. Add a sentinel entry to prevent<br /> the following global-out-of-bounds error reported by enabling KASAN.<br /> <br /> [ 9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148<br /> [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38<br /> [ 9.565926]<br /> [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360<br /> [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT)<br /> [ 9.581832] Workqueue: events_unbound deferred_probe_work_func<br /> [ 9.587708] Call trace:<br /> [ 9.590174] dump_backtrace+0x20c/0x218<br /> [ 9.594038] show_stack+0x18/0x68<br /> [ 9.597375] dump_stack_lvl+0x9c/0xd8<br /> [ 9.601062] print_address_description.constprop.0+0x78/0x334<br /> [ 9.606830] kasan_report+0x1f0/0x260<br /> [ 9.610517] __asan_load4+0x9c/0xd8<br /> [ 9.614030] _get_maxdiv+0xc0/0x148<br /> [ 9.617540] divider_determine_rate+0x88/0x488<br /> [ 9.622005] divider_round_rate_parent+0xc8/0x124<br /> [ 9.626729] wiz_clk_div_round_rate+0x54/0x68<br /> [ 9.631113] clk_core_determine_round_nolock+0x124/0x158<br /> [ 9.636448] clk_core_round_rate_nolock+0x68/0x138<br /> [ 9.641260] clk_core_set_rate_nolock+0x268/0x3a8<br /> [ 9.645987] clk_set_rate+0x50/0xa8<br /> [ 9.649499] cdns_sierra_phy_init+0x88/0x248<br /> [ 9.653794] phy_init+0x98/0x108<br /> [ 9.657046] cdns_pcie_enable_phy+0xa0/0x170<br /> [ 9.661340] cdns_pcie_init_phy+0x250/0x2b0<br /> [ 9.665546] j721e_pcie_probe+0x4b8/0x798<br /> [ 9.669579] platform_probe+0x8c/0x108<br /> [ 9.673350] really_probe+0x114/0x630<br /> [ 9.677037] __driver_probe_device+0x18c/0x220<br /> [ 9.681505] driver_probe_device+0xac/0x150<br /> [ 9.685712] __device_attach_driver+0xec/0x170<br /> [ 9.690178] bus_for_each_drv+0xf0/0x158<br /> [ 9.694124] __device_attach+0x184/0x210<br /> [ 9.698070] device_initial_probe+0x14/0x20<br /> [ 9.702277] bus_probe_device+0xec/0x100<br /> [ 9.706223] deferred_probe_work_func+0x124/0x180<br /> [ 9.710951] process_one_work+0x4b0/0xbc0<br /> [ 9.714983] worker_thread+0x74/0x5d0<br /> [ 9.718668] kthread+0x214/0x230<br /> [ 9.721919] ret_from_fork+0x10/0x20<br /> [ 9.725520]<br /> [ 9.727032] The buggy address belongs to the variable:<br /> [ 9.732183] clk_div_table+0x24/0x440