CVE-2022-49518

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49518

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49518.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49518

Related

UBUNTU-CVE-2022-49518

Published

2025-02-26T07:01:27Z

Modified

2025-03-14T19:00:18Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc3-topology: Correct getcontroldata for non bytes payload

It is possible to craft a topology where sofgetcontrol_data() would do out of bounds access because it expects that it is only called when the payload is bytes type. Confusingly it also handles other types of controls, but the payload parsing implementation is only valid for bytes.

Fix the code to count the non bytes controls and instead of storing a pointer to sofabihdr in sofwidgetdata (which is only valid for bytes), store the pointer to the data itself and add a new member to save the size of the data.

In case of non bytes controls we store the pointer to the chanv itself, which is just an array of values at the end.

In case of bytes control, drop the wrong cdata->data (wdata[i].pdata) check against NULL since it is incorrect and invalid in this context. The data is pointing to the end of cdata struct, so it should never be null.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}