CVE-2022-49248

Source
https://cve.org/CVERecord?id=CVE-2022-49248
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49248.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49248
Published
2025-02-26T01:56:06.709Z
Modified
2026-04-11T12:43:46.695254Z
Summary
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction

AV/C deferred transaction was supported in commit 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction"), while the 'deferrable' flag can be uninitialized for non-control/notify AV/C transactions. UBSAN reports it:

kernel: ================================================================================
kernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9
kernel: load of value 158 is not a valid value for type '_Bool'
kernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu
kernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019
kernel: Call Trace:
kernel:  <IRQ>
kernel:  show_stack+0x52/0x58
kernel:  dump_stack_lvl+0x4a/0x5f
kernel:  dump_stack+0x10/0x12
kernel:  ubsan_epilogue+0x9/0x45
kernel:  __ubsan_handle_load_invalid_value.cold+0x44/0x49
kernel:  fcp_response.part.0.cold+0x1a/0x2b [snd_firewire_lib]
kernel:  fcp_response+0x28/0x30 [snd_firewire_lib]
kernel:  fw_core_handle_request+0x230/0x3d0 [firewire_core]
kernel:  handle_ar_packet+0x1d9/0x200 [firewire_ohci]
kernel:  ? handle_ar_packet+0x1d9/0x200 [firewire_ohci]
kernel:  ? transmit_complete_callback+0x9f/0x120 [firewire_core]
kernel:  ar_context_tasklet+0xa8/0x2e0 [firewire_ohci]
kernel:  tasklet_action_common.constprop.0+0xea/0xf0
kernel:  tasklet_action+0x22/0x30
kernel:  __do_softirq+0xd9/0x2e3
kernel:  ? irq_finalize_oneshot.part.0+0xf0/0xf0
kernel:  do_softirq+0x75/0xa0
kernel:  </IRQ>
kernel:  <TASK>
kernel:  __local_bh_enable_ip+0x50/0x60
kernel:  irq_forced_thread_fn+0x7e/0x90
kernel:  irq_thread+0xba/0x190
kernel:  ? irq_thread_fn+0x60/0x60
kernel:  kthread+0x11e/0x140
kernel:  ? irq_thread_check_affinity+0xf0/0xf0
kernel:  ? set_kthread_struct+0x50/0x50
kernel:  ret_from_fork+0x22/0x30
kernel:  </TASK>
kernel: ================================================================================

This commit fixes the bug. The bug has no disadvantage for the non-control/notify AV/C transactions since the flag has an effect for AV/C response with INTERIM (0x0f) status which is not used for the transactions in AV/C general specification.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49248.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
Introduced: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514
Fixed: 99582e4b19f367fa95bdd150b3034d7ce8113342
Fixed: b2b65c9013dc28836d82e25d0f0c94d794a14aba
Fixed: 60e5d391805d70458a01998de00d0c28cba40bf3
Fixed: 7025f40690a235a118c87674cfb93072694aa66d
Fixed: 7e6f5786621df060f8296f074efd275eaf20361a
Fixed: eab74c41612083bd627b60da650e19234e4f1051
Fixed: d07e4bbaff6fbba6f70c04b092ea7d9afcdf392e
Fixed: 39d2c4a33dc1b4402cec68a3c8f82c6588b6edce
Fixed: bf0cd60b7e33cf221fbe1114e4acb2c828b0af0d

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49248.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  3.16.0      4.9.311
ECOSYSTEM  4.10.0      4.14.276
ECOSYSTEM  4.15.0      4.19.238
ECOSYSTEM  4.20.0      5.4.189
ECOSYSTEM  5.5.0       5.10.110
ECOSYSTEM  5.11.0      5.15.33
ECOSYSTEM  5.16.0      5.16.19
ECOSYSTEM  5.17.0      5.17.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49248.json"