9.8

CVE-2022-48716

ASoC: codecs: wcd938x: fix incorrect used of portid

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd938x: fix incorrect used of portid

Mixer controls have the channel id in mixer->reg, which is not same
as port id. port id should be derived from chan_info array.
So fix this. Without this, its possible that we could corrupt
struct wcd938x_sdw_priv by accessing port_map array out of range
with channel id instead of port id.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.14 < 5.15.22
LinuxLinux Kernel Version >= 5.16 < 5.16.8
LinuxLinux Kernel Version5.17 Updaterc1
LinuxLinux Kernel Version5.17 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.69% 0.48
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://git.kernel.org/stable/c/9167f2712dc8c24964840a4d1e2ebf130e846b95
Patch
https://git.kernel.org/stable/c/aa7152f9f117b3e66b3c0d4158ca4c6d46ab229f
Patch
https://git.kernel.org/stable/c/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7
Patch