CVE-2022-48803
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48803
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48803.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48803
- Downstream
- Related
- Published
- 2024-07-16T11:43:55Z
- Modified
- 2025-10-08T06:21:26.824585Z
- Summary
- phy: ti: Fix missing sentinel for clk_div_table
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: Fix missing sentinel for clkdivtable
gettablemaxdiv() tries to access "clkdiv_table" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN.
[ 9.552392] BUG: KASAN: global-out-of-bounds in getmaxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT) [ 9.581832] Workqueue: eventsunbound deferredprobeworkfunc [ 9.587708] Call trace: [ 9.590174] dumpbacktrace+0x20c/0x218 [ 9.594038] showstack+0x18/0x68 [ 9.597375] dumpstacklvl+0x9c/0xd8 [ 9.601062] printaddressdescription.constprop.0+0x78/0x334 [ 9.606830] kasanreport+0x1f0/0x260 [ 9.610517] _asanload4+0x9c/0xd8 [ 9.614030] _getmaxdiv+0xc0/0x148 [ 9.617540] dividerdeterminerate+0x88/0x488 [ 9.622005] dividerroundrateparent+0xc8/0x124 [ 9.626729] wizclkdivroundrate+0x54/0x68 [ 9.631113] clkcoredetermineroundnolock+0x124/0x158 [ 9.636448] clkcoreroundratenolock+0x68/0x138 [ 9.641260] clkcoresetratenolock+0x268/0x3a8 [ 9.645987] clksetrate+0x50/0xa8 [ 9.649499] cdnssierraphyinit+0x88/0x248 [ 9.653794] phyinit+0x98/0x108 [ 9.657046] cdnspcieenablephy+0xa0/0x170 [ 9.661340] cdnspcieinitphy+0x250/0x2b0 [ 9.665546] j721epcieprobe+0x4b8/0x798 [ 9.669579] platformprobe+0x8c/0x108 [ 9.673350] reallyprobe+0x114/0x630 [ 9.677037] _driverprobedevice+0x18c/0x220 [ 9.681505] driverprobedevice+0xac/0x150 [ 9.685712] _deviceattachdriver+0xec/0x170 [ 9.690178] busforeachdrv+0xf0/0x158 [ 9.694124] _deviceattach+0x184/0x210 [ 9.698070] deviceinitialprobe+0x14/0x20 [ 9.702277] busprobedevice+0xec/0x100 [ 9.706223] deferredprobeworkfunc+0x124/0x180 [ 9.710951] processonework+0x4b0/0xbc0 [ 9.714983] workerthread+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] retfromfork+0x10/0x20 [ 9.725520] [ 9.727032] The buggy address belongs to the variable: [ 9.732183] clkdivtable+0x24/0x440
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f
- https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed
- https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69
- https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced091876cc355d6739e393efa4b3d07f451a6a035cFixed3c75d1017cb362b6a4e0935746ef5da28250919f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced091876cc355d6739e393efa4b3d07f451a6a035cFixed7a360e546ad9e7c3fd53d6bb60348c660cd28f54
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced091876cc355d6739e393efa4b3d07f451a6a035cFixed5b0c9569135a37348c1267c81e8b0274b21a86ed
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced091876cc355d6739e393efa4b3d07f451a6a035cFixed6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69
Affected versions
v5.*
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221479595934997378541436760735326007966",
"137195094734986968768988307272715555157",
"314106885656353795959587951346251783020",
"252789594294450419932078973427175878872"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c75d1017cb362b6a4e0935746ef5da28250919f",
"deprecated": false,
"target": {
"file": "drivers/phy/ti/phy-j721e-wiz.c"
},
"signature_type": "Line",
"id": "CVE-2022-48803-11516274"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221479595934997378541436760735326007966",
"137195094734986968768988307272715555157",
"123123940917233831422748903652127423568",
"297715884369210219145444164764744595048"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5b0c9569135a37348c1267c81e8b0274b21a86ed",
"deprecated": false,
"target": {
"file": "drivers/phy/ti/phy-j721e-wiz.c"
},
"signature_type": "Line",
"id": "CVE-2022-48803-2d54cea4"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221479595934997378541436760735326007966",
"137195094734986968768988307272715555157",
"123123940917233831422748903652127423568",
"297715884369210219145444164764744595048"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7a360e546ad9e7c3fd53d6bb60348c660cd28f54",
"deprecated": false,
"target": {
"file": "drivers/phy/ti/phy-j721e-wiz.c"
},
"signature_type": "Line",
"id": "CVE-2022-48803-338a51b5"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221479595934997378541436760735326007966",
"137195094734986968768988307272715555157",
"123123940917233831422748903652127423568",
"297715884369210219145444164764744595048"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69",
"deprecated": false,
"target": {
"file": "drivers/phy/ti/phy-j721e-wiz.c"
},
"signature_type": "Line",
"id": "CVE-2022-48803-c7545e73"
}
]
}