CVE-2022-48803

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48803
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48803.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48803
Downstream
Related
Published
2024-07-16T11:43:55.616Z
Modified
2026-03-13T05:59:31.789068Z
Summary
phy: ti: Fix missing sentinel for clk_div_table
Details

In the Linux kernel, the following vulnerability has been resolved:

phy: ti: Fix missing sentinel for clkdivtable

gettablemaxdiv() tries to access "clkdiv_table" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN.

[ 9.552392] BUG: KASAN: global-out-of-bounds in getmaxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT) [ 9.581832] Workqueue: eventsunbound deferredprobeworkfunc [ 9.587708] Call trace: [ 9.590174] dumpbacktrace+0x20c/0x218 [ 9.594038] showstack+0x18/0x68 [ 9.597375] dumpstacklvl+0x9c/0xd8 [ 9.601062] printaddressdescription.constprop.0+0x78/0x334 [ 9.606830] kasan_report+0x1f0/0x260 [ 9.610517] __asanload4+0x9c/0xd8 [ 9.614030] getmaxdiv+0xc0/0x148 [ 9.617540] dividerdeterminerate+0x88/0x488 [ 9.622005] dividerroundrateparent+0xc8/0x124 [ 9.626729] wizclkdivroundrate+0x54/0x68 [ 9.631113] clkcoredetermineroundnolock+0x124/0x158 [ 9.636448] clkcoreroundratenolock+0x68/0x138 [ 9.641260] clkcoresetratenolock+0x268/0x3a8 [ 9.645987] clksetrate+0x50/0xa8 [ 9.649499] cdnssierraphyinit+0x88/0x248 [ 9.653794] phyinit+0x98/0x108 [ 9.657046] cdnspcieenablephy+0xa0/0x170 [ 9.661340] cdnspcieinitphy+0x250/0x2b0 [ 9.665546] j721epcieprobe+0x4b8/0x798 [ 9.669579] platformprobe+0x8c/0x108 [ 9.673350] reallyprobe+0x114/0x630 [ 9.677037] __driverprobedevice+0x18c/0x220 [ 9.681505] driverprobedevice+0xac/0x150 [ 9.685712] __deviceattachdriver+0xec/0x170 [ 9.690178] busforeach_drv+0xf0/0x158 [ 9.694124] _deviceattach+0x184/0x210 [ 9.698070] deviceinitialprobe+0x14/0x20 [ 9.702277] busprobedevice+0xec/0x100 [ 9.706223] deferredprobeworkfunc+0x124/0x180 [ 9.710951] processonework+0x4b0/0xbc0 [ 9.714983] workerthread+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] retfromfork+0x10/0x20 [ 9.725520] [ 9.727032] The buggy address belongs to the variable: [ 9.732183] clkdivtable+0x24/0x440

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48803.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
091876cc355d6739e393efa4b3d07f451a6a035c
Fixed
3c75d1017cb362b6a4e0935746ef5da28250919f
Fixed
7a360e546ad9e7c3fd53d6bb60348c660cd28f54
Fixed
5b0c9569135a37348c1267c81e8b0274b21a86ed
Fixed
6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48803.json"