CVE-2022-49471

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

rtw89: cfo: check mac_id to avoid out-of-bounds

Somehow, hardware reports incorrect mac_id and pollutes memory. Check index
before we access the array.

UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23
index 188 is out of range for type 's32 [64]'
CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE
Call Trace:
  show_stack+0x52/0x58
  dump_stack_lvl+0x4c/0x63
  dump_stack+0x10/0x12
  ubsan_epilogue+0x9/0x45
  __ubsan_handle_out_of_bounds.cold+0x44/0x49
  ? __alloc_skb+0x92/0x1d0
  rtw89_phy_cfo_parse+0x44/0x7f [rtw89_core]
  rtw89_core_rx+0x261/0x871 [rtw89_core]
  ? __alloc_skb+0xee/0x1d0
  rtw89_pci_napi_poll+0x3fa/0x4ea [rtw89_pci]
  __napi_poll+0x33/0x1a0
  net_rx_action+0x126/0x260
  ? __queue_work+0x217/0x4c0
  __do_softirq+0xd9/0x315
  ? disable_irq_nosync+0x10/0x10
  do_softirq.part.0+0x6d/0x90
  __local_bh_enable_ip+0x62/0x70
  rtw89_pci_interrupt_threadfn+0x182/0x1a6 [rtw89_pci]
  irq_thread_fn+0x28/0x60
  irq_thread+0xc8/0x190
  ? irq_thread_fn+0x60/0x60
  kthread+0x16b/0x190
  ? irq_thread_check_affinity+0xe0/0xe0
  ? set_kthread_struct+0x50/0x50
  ret_from_fork+0x22/0x30
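
The check described above, as an added user-space illustration (not the rtw89 driver's code): a hardware-supplied 8-bit mac_id is validated before it indexes a 64-entry s32 array. Struct, field and function names are hypothetical; only the array size and the index 188 come from the UBSAN report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for per-station CFO tracking state; only the
 * array size (64 entries of s32) comes from the UBSAN report. */
#define CFO_MAX_USER 64

struct cfo_track {
    int32_t tail[CFO_MAX_USER];   /* running CFO sum per mac_id */
    uint16_t cnt[CFO_MAX_USER];   /* samples folded into each sum */
    uint32_t rejected;            /* reports dropped by the bounds check */
};

/* Constructed model of a hardware RX status report. */
struct rx_report {
    uint8_t mac_id;   /* 8-bit field: the hardware can report 0..255 */
    int16_t cfo;      /* carrier frequency offset sample */
};

/* Fold one report into the tracking state. Returns 0 on success, -1 when
 * mac_id cannot index the 64-entry arrays. Without the check, a reported
 * mac_id of 188 would write past the end of tail[] and cnt[]. */
int cfo_parse(struct cfo_track *t, const struct rx_report *r)
{
    if (r->mac_id >= CFO_MAX_USER) {
        t->rejected++;
        return -1;
    }
    t->tail[r->mac_id] += r->cfo;
    t->cnt[r->mac_id]++;
    return 0;
}

int main(void)
{
    /* Constructed input: two sane reports and the index from the trace. */
    const struct rx_report in[] = { {3, 120}, {188, -40}, {3, -20} };
    struct cfo_track t;
    memset(&t, 0, sizeof(t));
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        if (cfo_parse(&t, &in[i]) < 0)
            printf("dropped report with mac_id %u\n", (unsigned)in[i].mac_id);
    printf("mac_id 3: sum=%d cnt=%u rejected=%u\n",
           (int)t.tail[3], (unsigned)t.cnt[3], (unsigned)t.rejected);
    return 0;
}
```

Counting rejected reports gives operators a signal that the device is emitting invalid indices, rather than silently discarding them.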

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.17.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 5.18.3 (excluding) |