CVE-2022-48702

EPSS 0.01%
Published 03.05.2024 16:15:08
Last modified 05.03.2025 15:11:27
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

The voice allocator sometimes begins allocating from near the end of the
array and then wraps around, however snd_emu10k1_pcm_channel_alloc()
accesses the newly allocated voices as if it never wrapped around.

This results in out of bounds access if the first voice has a high enough
index so that first_voice + requested_voice_count > NUM_G (64).
The more voices are requested, the more likely it is for this to occur.

This was initially discovered using PipeWire, however it can be reproduced
by calling aplay multiple times with 16 channels:
aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero

UBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40
index 65 is out of range for type 'snd_emu10k1_voice [64]'
CPU: 1 PID: 31977 Comm: aplay Tainted: G        W IOE      6.0.0-rc2-emu10k1+ #7
Hardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002    07/22/2010
Call Trace:
<TASK>
dump_stack_lvl+0x49/0x63
dump_stack+0x10/0x16
ubsan_epilogue+0x9/0x3f
__ubsan_handle_out_of_bounds.cold+0x44/0x49
snd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]
snd_pcm_hw_params+0x29f/0x600 [snd_pcm]
snd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]
? exit_to_user_mode_prepare+0x35/0x170
? do_syscall_64+0x69/0x90
? syscall_exit_to_user_mode+0x26/0x50
? do_syscall_64+0x69/0x90
? exit_to_user_mode_prepare+0x35/0x170
snd_pcm_ioctl+0x27/0x40 [snd_pcm]
__x64_sys_ioctl+0x95/0xd0
do_syscall_64+0x5c/0x90
? do_syscall_64+0x69/0x90
? do_syscall_64+0x69/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.9.328

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.293

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.258

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.213

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.143

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.68

Linux ≫ Linux Kernel Version >= 5.17 < 5.19.9

Linux ≫ Linux Kernel Version6.0 Updaterc1

Linux ≫ Linux Kernel Version6.0 Updaterc2

Linux ≫ Linux Kernel Version6.0 Updaterc3

Linux ≫ Linux Kernel Version6.0 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.019

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c

Patch

https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178

Patch

https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2

Patch

https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1

Patch

https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa

Patch

https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275

Patch