In the Linux kernel, the following vulnerability has been resolved:
ALSA: seq: Fix function prototype mismatch in sndseqexpandvarevent
With clang's kernel control flow integrity (kCFI, CONFIGCFICLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed.
seqcopyinuser() and seqcopyinkernel() did not have prototypes matching sndseqdumpfunct. Adjust this and remove the casts. There are not resulting binary output differences.
This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches.
{ "vanir_signatures": [ { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-0424a741", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f46e95bf344abc4e74f8158901d32a869e0adb6", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-06eb8448", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b38486e82ecb9f3046e0184205f6b61408fc40c9", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-12d647a6", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a", "digest": { "length": 612.0, "function_hash": "323999680772481864665238390632852474232" }, "id": "CVE-2022-48994-179ed526", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15c42ab8d43acb73e2eba361ad05822c0af0ecfa", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-25c98f5d", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-2f9a6fd5", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@13ee8fb5410b740c8dd2867d3557c7662f7dda2d", "digest": { "length": 614.0, "function_hash": "211334043874402339012107088776498019945" }, "id": "CVE-2022-48994-33919834", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15c42ab8d43acb73e2eba361ad05822c0af0ecfa", "digest": { "length": 612.0, "function_hash": "323999680772481864665238390632852474232" }, "id": "CVE-2022-48994-3562e183", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-4a3cae3f", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-4e64efd0", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15c42ab8d43acb73e2eba361ad05822c0af0ecfa", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-6acdc625", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-70f14d5f", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@13ee8fb5410b740c8dd2867d3557c7662f7dda2d", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-7685b15d", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b38486e82ecb9f3046e0184205f6b61408fc40c9", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-773b4f0b", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15c42ab8d43acb73e2eba361ad05822c0af0ecfa", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-77cc3f43", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-78b7e405", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-82a4f99a", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-949b1898", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fccd454129f6a0739651f7f58307cdb631fd6e89", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-a355392a", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@13ee8fb5410b740c8dd2867d3557c7662f7dda2d", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-a6065c12", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fccd454129f6a0739651f7f58307cdb631fd6e89", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-b105d4a3", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b38486e82ecb9f3046e0184205f6b61408fc40c9", "digest": { "length": 612.0, "function_hash": "323999680772481864665238390632852474232" }, "id": "CVE-2022-48994-bc97e4e0", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f46e95bf344abc4e74f8158901d32a869e0adb6", "digest": { "length": 612.0, "function_hash": "323999680772481864665238390632852474232" }, "id": "CVE-2022-48994-c732f992", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fccd454129f6a0739651f7f58307cdb631fd6e89", "digest": { "length": 614.0, "function_hash": "211334043874402339012107088776498019945" }, "id": "CVE-2022-48994-cf9e773d", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@13ee8fb5410b740c8dd2867d3557c7662f7dda2d", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-d55c89f9", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936", "digest": { "threshold": 0.9, "line_hashes": [ "169389700553479827812415412324338350433", "55317252711368143139619149851719666785", "245161643856267823360124656689835995113", "273469002874789635343013016809841945097", "303652475261898302194787373337340390532", "221317138076519660363785592826413081154", "160836009832066590406451144290451021636", "19826192317386993686954112371855393623", "8581757551167843026563683056559646197", "96274643926992157553346021521629715757", "80874523953976433837466758703587224154", "239255339672937999783750902316894375728", "169919096177280059542059219695352361678", "221601066658409443428567368930532428250", "243242235866825977478840358589506842931", "171352242934212758739678124212536668773" ] }, "id": "CVE-2022-48994-d9467be5", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fccd454129f6a0739651f7f58307cdb631fd6e89", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-e723cabd", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_kernel" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f46e95bf344abc4e74f8158901d32a869e0adb6", "digest": { "length": 150.0, "function_hash": "11828574131102360737213319016531474111" }, "id": "CVE-2022-48994-f659e390", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f46e95bf344abc4e74f8158901d32a869e0adb6", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-fa9c4147", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026", "digest": { "length": 614.0, "function_hash": "211334043874402339012107088776498019945" }, "id": "CVE-2022-48994-faadc833", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "snd_seq_expand_var_event" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936", "digest": { "length": 612.0, "function_hash": "323999680772481864665238390632852474232" }, "id": "CVE-2022-48994-febe5310", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "sound/core/seq/seq_memory.c", "function": "seq_copy_in_user" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b38486e82ecb9f3046e0184205f6b61408fc40c9", "digest": { "length": 173.0, "function_hash": "280148181471650004601153553232576321824" }, "id": "CVE-2022-48994-ffd01739", "deprecated": false, "signature_type": "Function", "signature_version": "v1" } ] }