CVE-2022-50558

Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq types") added the numconfigregs, then commit 9edd4f5aee84 ("regmap-irq: Deprecate type registers and virtual registers") suggested to replace numtypereg with it. However, regmapaddirqchipfwnode wasn't modified to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335: Convert irq chip to config regs") removed the old numtypereg property from the WCD9335 driver's struct regmapirqchip, causing a null pointer dereference in regmapirqsettype when it tried to index d->typebuf as it was never allocated in regmapaddirqchipfwnode:

[ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000

[ 39.200006] Call trace: [ 39.200014] regmapirqsettype+0x84/0x1c0 [ 39.200026] _irqsettrigger+0x60/0x1c0 [ 39.200040] _setupirq+0x2f4/0x78c [ 39.200051] requestthreadedirq+0xe8/0x1a0

Use numconfigregs in regmapaddirqchipfwnode instead of numtypereg, and fall back to it if numconfigregs isn't defined to maintain backward compatibility.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50558.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

faa87ce9196dbb074d75bd4aecb8bacf18f19b4e

Fixed

57bb34330c0fc70bb4ab96399a3c1b80e73e9d49

Fixed

961db32e52f4d34a9a95939a30393fd190397f84

Fixed

84498d1fb35de6ab71bdfdb6270a464fb4a0951b

Affected versions

v5.*

v5.19

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.15

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

Database specific

vanir_signatures

[
    {
        "target": {
            "function": "regmap_add_irq_chip_fwnode",
            "file": "drivers/base/regmap/regmap-irq.c"
        },
        "digest": {
            "function_hash": "17025534087221857544051623851211513844",
            "length": 8672.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@961db32e52f4d34a9a95939a30393fd190397f84",
        "signature_type": "Function",
        "id": "CVE-2022-50558-2d9532e8"
    },
    {
        "target": {
            "function": "regmap_add_irq_chip_fwnode",
            "file": "drivers/base/regmap/regmap-irq.c"
        },
        "digest": {
            "function_hash": "17025534087221857544051623851211513844",
            "length": 8672.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57bb34330c0fc70bb4ab96399a3c1b80e73e9d49",
        "signature_type": "Function",
        "id": "CVE-2022-50558-32050ad9"
    },
    {
        "target": {
            "file": "drivers/base/regmap/regmap-irq.c"
        },
        "digest": {
            "line_hashes": [
                "256864806400906688864535423573137787435",
                "130737177832580984247800240726561400758",
                "217728819397284691442951375578564668633",
                "44750480912594196682650237906508507167",
                "24531912792373961669744913627165901872",
                "151447438688276454164373462043614078787",
                "67267742395609702781248436141033784570",
                "31699980628936776592329165436294332347",
                "230920028176883405597979052948724886627",
                "17386679132588592228962946479897555236",
                "325496041492357322296038455866722955661",
                "13160184421659324183716243920547192086",
                "321465926815671978278166245023034359763",
                "21330913828874403213820729246835115390"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84498d1fb35de6ab71bdfdb6270a464fb4a0951b",
        "signature_type": "Line",
        "id": "CVE-2022-50558-727c74d2"
    },
    {
        "target": {
            "file": "drivers/base/regmap/regmap-irq.c"
        },
        "digest": {
            "line_hashes": [
                "256864806400906688864535423573137787435",
                "130737177832580984247800240726561400758",
                "217728819397284691442951375578564668633",
                "44750480912594196682650237906508507167",
                "24531912792373961669744913627165901872",
                "151447438688276454164373462043614078787",
                "67267742395609702781248436141033784570",
                "31699980628936776592329165436294332347",
                "230920028176883405597979052948724886627",
                "17386679132588592228962946479897555236",
                "325496041492357322296038455866722955661",
                "13160184421659324183716243920547192086",
                "321465926815671978278166245023034359763",
                "21330913828874403213820729246835115390"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57bb34330c0fc70bb4ab96399a3c1b80e73e9d49",
        "signature_type": "Line",
        "id": "CVE-2022-50558-93e2801b"
    },
    {
        "target": {
            "file": "drivers/base/regmap/regmap-irq.c"
        },
        "digest": {
            "line_hashes": [
                "256864806400906688864535423573137787435",
                "130737177832580984247800240726561400758",
                "217728819397284691442951375578564668633",
                "44750480912594196682650237906508507167",
                "24531912792373961669744913627165901872",
                "151447438688276454164373462043614078787",
                "67267742395609702781248436141033784570",
                "31699980628936776592329165436294332347",
                "230920028176883405597979052948724886627",
                "17386679132588592228962946479897555236",
                "325496041492357322296038455866722955661",
                "13160184421659324183716243920547192086",
                "321465926815671978278166245023034359763",
                "21330913828874403213820729246835115390"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@961db32e52f4d34a9a95939a30393fd190397f84",
        "signature_type": "Line",
        "id": "CVE-2022-50558-c3bc75ce"
    },
    {
        "target": {
            "function": "regmap_add_irq_chip_fwnode",
            "file": "drivers/base/regmap/regmap-irq.c"
        },
        "digest": {
            "function_hash": "17025534087221857544051623851211513844",
            "length": 8672.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84498d1fb35de6ab71bdfdb6270a464fb4a0951b",
        "signature_type": "Function",
        "id": "CVE-2022-50558-cfc26ebb"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.16

Type: ECOSYSTEM
Events: Introduced

6.1.0

Fixed

6.1.2