CVE-2022-48927

On one side we have indiodev->numchannels includes all physical channels + timestamp channel. On other side we have an array allocated only for physical channels. So, fix memory corruption by ARRAYSIZE() instead of numchannels variable.

Note the first case is a cleanup rather than a fix as the software timestamp channel bit in active_scanmask is never set by the IIO core.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48927.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9374e8f5a38defe90bc65b2decf317c1c62d91dd

Fixed

0cb9b2f73c182d242a640e512f4785c7c504512f

Fixed

082d2c047b0d305bb0b6e9f9d671a09470e2db2d

Fixed

b7a78a8adaa8849c02f174d707aead0f85dca0da

Affected versions

v5.*

v5.13

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.3

v5.15.4

v5.15.5

v5.15.6

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.16.1

v5.16.10

v5.16.11

v5.16.2

v5.16.3

v5.16.4

v5.16.5

v5.16.6

v5.16.7

v5.16.8

v5.16.9

v5.17-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_setup_spi_msg"
        },
        "id": "CVE-2022-48927-1aafa757",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a78a8adaa8849c02f174d707aead0f85dca0da",
        "digest": {
            "function_hash": "324103556240664539724377665773606903257",
            "length": 1226.0
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_update_scan_mode"
        },
        "id": "CVE-2022-48927-8c11ac3c",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a78a8adaa8849c02f174d707aead0f85dca0da",
        "digest": {
            "function_hash": "305807073538489853033870041578683274462",
            "length": 709.0
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c"
        },
        "id": "CVE-2022-48927-aab9264c",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a78a8adaa8849c02f174d707aead0f85dca0da",
        "digest": {
            "line_hashes": [
                "137535559847389312744880093233145832823",
                "94456167135768657693344813882359312251",
                "217891026001923807502245601279305871863",
                "235166042073913663007065421631061679716",
                "115734083215077372500644634517648303221",
                "290941450351685303921271207543406688079",
                "89234881339033948760667130513531089137",
                "286596058452753194472035618725590913501"
            ],
            "threshold": 0.9
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48927.json"