In the Linux kernel, the following vulnerability has been resolved:
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If the prototypes are not identical, there is a failure at run time, which manifests as either a kernel panic or a thread getting killed.
seq_copy_in_user() and seq_copy_in_kernel() did not have prototypes matching snd_seq_dump_func_t. Adjust this and remove the casts. There are no resulting binary output differences.
This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches.
[
{
"digest": {
"function_hash": "280148181471650004601153553232576321824",
"length": 173.0
},
"target": {
"function": "seq_copy_in_user",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936",
"signature_version": "v1",
"id": "CVE-2022-48994-0424a741"
},
{
"digest": {
"function_hash": "323999680772481864665238390632852474232",
"length": 612.0
},
"target": {
"function": "snd_seq_expand_var_event",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a",
"signature_version": "v1",
"id": "CVE-2022-48994-179ed526"
},
{
"digest": {
"function_hash": "11828574131102360737213319016531474111",
"length": 150.0
},
"target": {
"function": "seq_copy_in_kernel",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026",
"signature_version": "v1",
"id": "CVE-2022-48994-2f9a6fd5"
},
{
"digest": {
"function_hash": "11828574131102360737213319016531474111",
"length": 150.0
},
"target": {
"function": "seq_copy_in_kernel",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a",
"signature_version": "v1",
"id": "CVE-2022-48994-4a3cae3f"
},
{
"digest": {
"function_hash": "280148181471650004601153553232576321824",
"length": 173.0
},
"target": {
"function": "seq_copy_in_user",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a",
"signature_version": "v1",
"id": "CVE-2022-48994-4e64efd0"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"169389700553479827812415412324338350433",
"55317252711368143139619149851719666785",
"245161643856267823360124656689835995113",
"273469002874789635343013016809841945097",
"303652475261898302194787373337340390532",
"221317138076519660363785592826413081154",
"160836009832066590406451144290451021636",
"19826192317386993686954112371855393623",
"8581757551167843026563683056559646197",
"96274643926992157553346021521629715757",
"80874523953976433837466758703587224154",
"239255339672937999783750902316894375728",
"169919096177280059542059219695352361678",
"221601066658409443428567368930532428250",
"243242235866825977478840358589506842931",
"171352242934212758739678124212536668773"
]
},
"target": {
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026",
"signature_version": "v1",
"id": "CVE-2022-48994-70f14d5f"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"169389700553479827812415412324338350433",
"55317252711368143139619149851719666785",
"245161643856267823360124656689835995113",
"273469002874789635343013016809841945097",
"303652475261898302194787373337340390532",
"221317138076519660363785592826413081154",
"160836009832066590406451144290451021636",
"19826192317386993686954112371855393623",
"8581757551167843026563683056559646197",
"96274643926992157553346021521629715757",
"80874523953976433837466758703587224154",
"239255339672937999783750902316894375728",
"169919096177280059542059219695352361678",
"221601066658409443428567368930532428250",
"243242235866825977478840358589506842931",
"171352242934212758739678124212536668773"
]
},
"target": {
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e385360705a0b346bdb57ce938249175d0613b8a",
"signature_version": "v1",
"id": "CVE-2022-48994-78b7e405"
},
{
"digest": {
"function_hash": "280148181471650004601153553232576321824",
"length": 173.0
},
"target": {
"function": "seq_copy_in_user",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026",
"signature_version": "v1",
"id": "CVE-2022-48994-82a4f99a"
},
{
"digest": {
"function_hash": "11828574131102360737213319016531474111",
"length": 150.0
},
"target": {
"function": "seq_copy_in_kernel",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936",
"signature_version": "v1",
"id": "CVE-2022-48994-949b1898"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"169389700553479827812415412324338350433",
"55317252711368143139619149851719666785",
"245161643856267823360124656689835995113",
"273469002874789635343013016809841945097",
"303652475261898302194787373337340390532",
"221317138076519660363785592826413081154",
"160836009832066590406451144290451021636",
"19826192317386993686954112371855393623",
"8581757551167843026563683056559646197",
"96274643926992157553346021521629715757",
"80874523953976433837466758703587224154",
"239255339672937999783750902316894375728",
"169919096177280059542059219695352361678",
"221601066658409443428567368930532428250",
"243242235866825977478840358589506842931",
"171352242934212758739678124212536668773"
]
},
"target": {
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936",
"signature_version": "v1",
"id": "CVE-2022-48994-d9467be5"
},
{
"digest": {
"function_hash": "211334043874402339012107088776498019945",
"length": 614.0
},
"target": {
"function": "snd_seq_expand_var_event",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05530ef7cf7c7d700f6753f058999b1b5099a026",
"signature_version": "v1",
"id": "CVE-2022-48994-faadc833"
},
{
"digest": {
"function_hash": "323999680772481864665238390632852474232",
"length": 612.0
},
"target": {
"function": "snd_seq_expand_var_event",
"file": "sound/core/seq/seq_memory.c"
},
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@63badfed200219ca656968725f1a43df293ac936",
"signature_version": "v1",
"id": "CVE-2022-48994-febe5310"
}
]