7.1

CVE-2022-49032

iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw

In the Linux kernel, the following vulnerability has been resolved:

iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw

KASAN report out-of-bounds read as follows:

BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380
Read of size 4 at addr ffffffffc00e4658 by task cat/278

Call Trace:
 afe4404_read_raw
 iio_read_channel_info
 dev_attr_show

The buggy address belongs to the variable:
 afe4404_channel_leds+0x18/0xffffffffffffe9c0

This issue can be reproduce by singe command:

 $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw

The array size of afe4404_channel_leds and afe4404_channel_offdacs
are less than channels, so access with chan->address cause OOB read
in afe4404_[read|write]_raw. Fix it by moving access before use them.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.8 < 4.9.335
LinuxLinux Kernel Version >= 4.10 < 4.14.301
LinuxLinux Kernel Version >= 4.15 < 4.19.268
LinuxLinux Kernel Version >= 4.20 < 5.4.226
LinuxLinux Kernel Version >= 5.5 < 5.10.158
LinuxLinux Kernel Version >= 5.11 < 5.15.82
LinuxLinux Kernel Version >= 5.16 < 6.0.12
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
LinuxLinux Kernel Version6.1 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.153
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/113c08030a89aaf406f8a1d4549d758a67c2afba
Patch
https://git.kernel.org/stable/c/3f566b626029ca8598d48e5074e56bb37399ca1b
Patch
https://git.kernel.org/stable/c/5eb114f55b37dbc0487aa9c1913b81bb7837f1c4
Patch
https://git.kernel.org/stable/c/68de7da092f38395dde523f2e5db26eba6c23e28
Patch
https://git.kernel.org/stable/c/d45d9f45e7b1365fd0d9bf14680d6d5082a590d1
Patch
https://git.kernel.org/stable/c/f5575041ec15310bdc50c42b8b22118cc900226e
Patch
https://git.kernel.org/stable/c/f7419fc42afc035f6b29ce713e17dcd2000c833f
Patch
https://git.kernel.org/stable/c/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b
Patch