In the Linux kernel, the following vulnerability has been resolved:
ASoC: max9759: fix underflow in speakergaincontrol_put()
Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> sndctlelemwriteuser() -> sndctlelem_write() -> kctl->put()
[
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "sound/soc/codecs/max9759.c"
},
"digest": {
"line_hashes": [
"78040415561622537884580566560065436053",
"303085424668264811841169546403588577740",
"245547518624121539110311491983596714028",
"319643233971980956070683764151189072203"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a45448ac95b715173edb1cd090ff24b6586d921",
"signature_version": "v1",
"id": "CVE-2022-48717-035e9d07"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "sound/soc/codecs/max9759.c",
"function": "speaker_gain_control_put"
},
"digest": {
"function_hash": "184951347778604271639694981596448750490",
"length": 441.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c907bcd9dcd233da6707059d777ab389dcbd964",
"signature_version": "v1",
"id": "CVE-2022-48717-0c25518e"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "sound/soc/codecs/max9759.c",
"function": "speaker_gain_control_put"
},
"digest": {
"function_hash": "184951347778604271639694981596448750490",
"length": 441.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a45448ac95b715173edb1cd090ff24b6586d921",
"signature_version": "v1",
"id": "CVE-2022-48717-115cd508"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "sound/soc/codecs/max9759.c",
"function": "speaker_gain_control_put"
},
"digest": {
"function_hash": "184951347778604271639694981596448750490",
"length": 441.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71e60c170105d153e34d01766c1e4db26a4b24cc",
"signature_version": "v1",
"id": "CVE-2022-48717-18a1c7a3"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "sound/soc/codecs/max9759.c",
"function": "speaker_gain_control_put"
},
"digest": {
"function_hash": "184951347778604271639694981596448750490",
"length": 441.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f114fd6165dfb52520755cc4d1c1dfbd447b88b6",
"signature_version": "v1",
"id": "CVE-2022-48717-3672513d"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "sound/soc/codecs/max9759.c"
},
"digest": {
"line_hashes": [
"78040415561622537884580566560065436053",
"303085424668264811841169546403588577740",
"245547518624121539110311491983596714028",
"319643233971980956070683764151189072203"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c907bcd9dcd233da6707059d777ab389dcbd964",
"signature_version": "v1",
"id": "CVE-2022-48717-85818885"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "sound/soc/codecs/max9759.c",
"function": "speaker_gain_control_put"
},
"digest": {
"function_hash": "184951347778604271639694981596448750490",
"length": 441.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a0f49d12547d45ea8b0f356a96632dd503941c1e",
"signature_version": "v1",
"id": "CVE-2022-48717-9cfa358b"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "sound/soc/codecs/max9759.c"
},
"digest": {
"line_hashes": [
"78040415561622537884580566560065436053",
"303085424668264811841169546403588577740",
"245547518624121539110311491983596714028",
"319643233971980956070683764151189072203"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a0f49d12547d45ea8b0f356a96632dd503941c1e",
"signature_version": "v1",
"id": "CVE-2022-48717-a07dd5f1"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "sound/soc/codecs/max9759.c"
},
"digest": {
"line_hashes": [
"78040415561622537884580566560065436053",
"303085424668264811841169546403588577740",
"245547518624121539110311491983596714028",
"319643233971980956070683764151189072203"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71e60c170105d153e34d01766c1e4db26a4b24cc",
"signature_version": "v1",
"id": "CVE-2022-48717-ba38603f"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "sound/soc/codecs/max9759.c"
},
"digest": {
"line_hashes": [
"78040415561622537884580566560065436053",
"303085424668264811841169546403588577740",
"245547518624121539110311491983596714028",
"319643233971980956070683764151189072203"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f114fd6165dfb52520755cc4d1c1dfbd447b88b6",
"signature_version": "v1",
"id": "CVE-2022-48717-fa3b8078"
}
]