CVE-2022-48927

On one side we have indiodev->numchannels includes all physical channels + timestamp channel. On other side we have an array allocated only for physical channels. So, fix memory corruption by ARRAYSIZE() instead of numchannels variable.

Note the first case is a cleanup rather than a fix as the software timestamp channel bit in active_scanmask is never set by the IIO core.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9374e8f5a38defe90bc65b2decf317c1c62d91dd

Fixed

0cb9b2f73c182d242a640e512f4785c7c504512f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9374e8f5a38defe90bc65b2decf317c1c62d91dd

Fixed

082d2c047b0d305bb0b6e9f9d671a09470e2db2d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9374e8f5a38defe90bc65b2decf317c1c62d91dd

Fixed

b7a78a8adaa8849c02f174d707aead0f85dca0da

Affected versions

v5.*

v5.13

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.3

v5.15.4

v5.15.5

v5.15.6

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.16.1

v5.16.10

v5.16.11

v5.16.2

v5.16.3

v5.16.4

v5.16.5

v5.16.6

v5.16.7

v5.16.8

v5.16.9

v5.17-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "324103556240664539724377665773606903257",
            "length": 1226.0
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_setup_spi_msg"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a78a8adaa8849c02f174d707aead0f85dca0da",
        "id": "CVE-2022-48927-1aafa757",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "137535559847389312744880093233145832823",
                "94456167135768657693344813882359312251",
                "217891026001923807502245601279305871863",
                "235166042073913663007065421631061679716",
                "115734083215077372500644634517648303221",
                "290941450351685303921271207543406688079",
                "89234881339033948760667130513531089137",
                "286596058452753194472035618725590913501"
            ]
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@082d2c047b0d305bb0b6e9f9d671a09470e2db2d",
        "id": "CVE-2022-48927-2567d7ed",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "324103556240664539724377665773606903257",
            "length": 1226.0
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_setup_spi_msg"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@082d2c047b0d305bb0b6e9f9d671a09470e2db2d",
        "id": "CVE-2022-48927-2aff4a9c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "305807073538489853033870041578683274462",
            "length": 709.0
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_update_scan_mode"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb9b2f73c182d242a640e512f4785c7c504512f",
        "id": "CVE-2022-48927-2d64c44c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "305807073538489853033870041578683274462",
            "length": 709.0
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_update_scan_mode"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@082d2c047b0d305bb0b6e9f9d671a09470e2db2d",
        "id": "CVE-2022-48927-3dae0bf2",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "305807073538489853033870041578683274462",
            "length": 709.0
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_update_scan_mode"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a78a8adaa8849c02f174d707aead0f85dca0da",
        "id": "CVE-2022-48927-8c11ac3c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "324103556240664539724377665773606903257",
            "length": 1226.0
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c",
            "function": "tsc2046_adc_setup_spi_msg"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb9b2f73c182d242a640e512f4785c7c504512f",
        "id": "CVE-2022-48927-9f70fa50",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "137535559847389312744880093233145832823",
                "94456167135768657693344813882359312251",
                "217891026001923807502245601279305871863",
                "235166042073913663007065421631061679716",
                "115734083215077372500644634517648303221",
                "290941450351685303921271207543406688079",
                "89234881339033948760667130513531089137",
                "286596058452753194472035618725590913501"
            ]
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7a78a8adaa8849c02f174d707aead0f85dca0da",
        "id": "CVE-2022-48927-aab9264c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "137535559847389312744880093233145832823",
                "94456167135768657693344813882359312251",
                "217891026001923807502245601279305871863",
                "235166042073913663007065421631061679716",
                "115734083215077372500644634517648303221",
                "290941450351685303921271207543406688079",
                "89234881339033948760667130513531089137",
                "286596058452753194472035618725590913501"
            ]
        },
        "target": {
            "file": "drivers/iio/adc/ti-tsc2046.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb9b2f73c182d242a640e512f4785c7c504512f",
        "id": "CVE-2022-48927-d0ee9389",
        "deprecated": false,
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.14.0

Fixed

5.15.26

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.16.12