CVE-2022-49031
HIGH EPSS 15.5%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace: afe4403_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 This issue can be reproduced by singe command: $ cat /sys/bus/spi/devices/spi0.0/iio\:device0/in_intensity6_raw The array size of afe4403_channel_leds is less than channels, so access with chan->address cause OOB read in afe4403_read_raw. Fix it by moving access before use it.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
15.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 13
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥4.8 – <4.9.335 |
| linux | linux_kernel | * | ≥4.10 – <4.14.301 |
| linux | linux_kernel | * | ≥4.15 – <4.19.268 |
| linux | linux_kernel | * | ≥4.20 – <5.4.226 |
| linux | linux_kernel | * | ≥5.5 – <5.10.158 |
| linux | linux_kernel | * | ≥5.11 – <5.15.82 |
| linux | linux_kernel | * | ≥5.16 – <6.0.12 |
| linux | linux_kernel | 6.1 | any |
| linux | linux_kernel | 6.1 | any |
| linux | linux_kernel | 6.1 | any |
| linux | linux_kernel | 6.1 | any |
| linux | linux_kernel | 6.1 | any |
| linux | linux_kernel | 6.1 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb
- git.kernel.org https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f
- git.kernel.org https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9
- git.kernel.org https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df
- git.kernel.org https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0
- git.kernel.org https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c
- git.kernel.org https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9
- git.kernel.org https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867
Remediation
- git.kernel.org https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb
- git.kernel.org https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f
- git.kernel.org https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9
- git.kernel.org https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df
- git.kernel.org https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0
- git.kernel.org https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c
- git.kernel.org https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9
- git.kernel.org https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867