CVE-2022-49032

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw<br /> <br /> KASAN report out-of-bounds read as follows:<br /> <br /> BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380<br /> Read of size 4 at addr ffffffffc00e4658 by task cat/278<br /> <br /> Call Trace:<br /> afe4404_read_raw<br /> iio_read_channel_info<br /> dev_attr_show<br /> <br /> The buggy address belongs to the variable:<br /> afe4404_channel_leds+0x18/0xffffffffffffe9c0<br /> <br /> This issue can be reproduce by singe command:<br /> <br /> $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw<br /> <br /> The array size of afe4404_channel_leds and afe4404_channel_offdacs<br /> are less than channels, so access with chan-&gt;address cause OOB read<br /> in afe4404_[read|write]_raw. Fix it by moving access before use them.