CVE-2022-48803

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48803
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48803.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48803
Related
Published
2024-07-16T12:15:04Z
Modified
2024-09-11T04:57:03.180853Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

phy: ti: Fix missing sentinel for clkdivtable

gettablemaxdiv() tries to access "clkdiv_table" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN.

[ 9.552392] BUG: KASAN: global-out-of-bounds in getmaxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT) [ 9.581832] Workqueue: eventsunbound deferredprobeworkfunc [ 9.587708] Call trace: [ 9.590174] dumpbacktrace+0x20c/0x218 [ 9.594038] showstack+0x18/0x68 [ 9.597375] dumpstacklvl+0x9c/0xd8 [ 9.601062] printaddressdescription.constprop.0+0x78/0x334 [ 9.606830] kasanreport+0x1f0/0x260 [ 9.610517] _asanload4+0x9c/0xd8 [ 9.614030] _getmaxdiv+0xc0/0x148 [ 9.617540] dividerdeterminerate+0x88/0x488 [ 9.622005] dividerroundrateparent+0xc8/0x124 [ 9.626729] wizclkdivroundrate+0x54/0x68 [ 9.631113] clkcoredetermineroundnolock+0x124/0x158 [ 9.636448] clkcoreroundratenolock+0x68/0x138 [ 9.641260] clkcoresetratenolock+0x268/0x3a8 [ 9.645987] clksetrate+0x50/0xa8 [ 9.649499] cdnssierraphyinit+0x88/0x248 [ 9.653794] phyinit+0x98/0x108 [ 9.657046] cdnspcieenablephy+0xa0/0x170 [ 9.661340] cdnspcieinitphy+0x250/0x2b0 [ 9.665546] j721epcieprobe+0x4b8/0x798 [ 9.669579] platformprobe+0x8c/0x108 [ 9.673350] reallyprobe+0x114/0x630 [ 9.677037] _driverprobedevice+0x18c/0x220 [ 9.681505] driverprobedevice+0xac/0x150 [ 9.685712] _deviceattachdriver+0xec/0x170 [ 9.690178] busforeachdrv+0xf0/0x158 [ 9.694124] _deviceattach+0x184/0x210 [ 9.698070] deviceinitialprobe+0x14/0x20 [ 9.702277] busprobedevice+0xec/0x100 [ 9.706223] deferredprobeworkfunc+0x124/0x180 [ 9.710951] processonework+0x4b0/0xbc0 [ 9.714983] workerthread+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] retfromfork+0x10/0x20 [ 9.725520] [ 9.727032] The buggy address belongs to the variable: [ 9.732183] clkdivtable+0x24/0x440

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.103-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}