7.1

CVE-2022-49031

iio: health: afe4403: Fix oob read in afe4403_read_raw

In the Linux kernel, the following vulnerability has been resolved:

iio: health: afe4403: Fix oob read in afe4403_read_raw

KASAN report out-of-bounds read as follows:

BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0
Read of size 4 at addr ffffffffc02ac638 by task cat/279

Call Trace:
 afe4403_read_raw
 iio_read_channel_info
 dev_attr_show

The buggy address belongs to the variable:
 afe4403_channel_leds+0x18/0xffffffffffffe9e0

This issue can be reproduced by singe command:

 $ cat /sys/bus/spi/devices/spi0.0/iio\:device0/in_intensity6_raw

The array size of afe4403_channel_leds is less than channels, so access
with chan->address cause OOB read in afe4403_read_raw. Fix it by moving
access before use it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.8 < 4.9.335
LinuxLinux Kernel Version >= 4.10 < 4.14.301
LinuxLinux Kernel Version >= 4.15 < 4.19.268
LinuxLinux Kernel Version >= 4.20 < 5.4.226
LinuxLinux Kernel Version >= 5.5 < 5.10.158
LinuxLinux Kernel Version >= 5.11 < 5.15.82
LinuxLinux Kernel Version >= 5.16 < 6.0.12
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
LinuxLinux Kernel Version6.1 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.153
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb
Patch
https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f
Patch
https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9
Patch
https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df
Patch
https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0
Patch
https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c
Patch
https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9
Patch
https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867
Patch