CVE-2022-48995
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48995
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48995.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48995
- Downstream
- Related
- Published
- 2024-10-21T20:06:11Z
- Modified
- 2025-10-21T08:13:15.992449Z
- Summary
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Input: raydiumtsi2c - fix memory leak in raydiumi2csend()
There is a kmemleak when test the raydiumi2cts with bpf mock device:
unreferenced object 0xffff88812d3675a0 (size 8): comm "python3", pid 349, jiffies 4294741067 (age 95.695s) hex dump (first 8 bytes): 11 0e 10 c0 01 00 04 00 ........ backtrace: [<0000000068427125>] _kmalloc+0x46/0x1b0 [<0000000090180f91>] raydiumi2csend+0xd4/0x2bf [raydiumi2cts] [<000000006e631aee>] raydiumi2cinitialize.cold+0xbc/0x3e4 [raydiumi2cts] [<00000000dc6fcf38>] raydiumi2cprobe+0x3cd/0x6bc [raydiumi2cts] [<00000000a310de16>] i2cdeviceprobe+0x651/0x680 [<00000000f5a96bf3>] reallyprobe+0x17c/0x3f0 [<00000000096ba499>] _driverprobedevice+0xe3/0x170 [<00000000c5acb4d9>] driverprobedevice+0x49/0x120 [<00000000264fe082>] _deviceattachdriver+0xf7/0x150 [<00000000f919423c>] busforeachdrv+0x114/0x180 [<00000000e067feca>] _deviceattach+0x1e5/0x2d0 [<0000000054301fc2>] busprobedevice+0x126/0x140 [<00000000aad93b22>] deviceadd+0x810/0x1130 [<00000000c086a53f>] i2cnewclientdevice+0x352/0x4e0 [<000000003c2c248c>] ofi2cregisterdevice+0xf1/0x110 [<00000000ffec4177>] ofi2cnotify+0x100/0x160 unreferenced object 0xffff88812d3675c8 (size 8): comm "python3", pid 349, jiffies 4294741070 (age 95.692s) hex dump (first 8 bytes): 22 00 36 2d 81 88 ff ff ".6-.... backtrace: [<0000000068427125>] _kmalloc+0x46/0x1b0 [<0000000090180f91>] raydiumi2csend+0xd4/0x2bf [raydiumi2cts] [<000000001d5c9620>] raydiumi2cinitialize.cold+0x223/0x3e4 [raydiumi2cts] [<00000000dc6fcf38>] raydiumi2cprobe+0x3cd/0x6bc [raydiumi2cts] [<00000000a310de16>] i2cdeviceprobe+0x651/0x680 [<00000000f5a96bf3>] reallyprobe+0x17c/0x3f0 [<00000000096ba499>] _driverprobedevice+0xe3/0x170 [<00000000c5acb4d9>] driverprobedevice+0x49/0x120 [<00000000264fe082>] _deviceattachdriver+0xf7/0x150 [<00000000f919423c>] busforeachdrv+0x114/0x180 [<00000000e067feca>] _deviceattach+0x1e5/0x2d0 [<0000000054301fc2>] busprobedevice+0x126/0x140 [<00000000aad93b22>] deviceadd+0x810/0x1130 [<00000000c086a53f>] i2cnewclientdevice+0x352/0x4e0 [<000000003c2c248c>] ofi2cregisterdevice+0xf1/0x110 [<00000000ffec4177>] ofi2cnotify+0x100/0x160
After BANKSWITCH command from i2c BUS, no matter success or error happened, the txbuf should be freed.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/097c1c7a28e3da8f2811ba532be6e81faab15aab
- https://git.kernel.org/stable/c/53b9b1201e34ccc895971218559123625c56fbcd
- https://git.kernel.org/stable/c/8c9a59939deb4bfafdc451100c03d1e848b4169b
- https://git.kernel.org/stable/c/a82869ac52f3d9db4b2cf8fd41edc2dee7a75a61
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2aFixeda82869ac52f3d9db4b2cf8fd41edc2dee7a75a61
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2aFixed53b9b1201e34ccc895971218559123625c56fbcd
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2aFixed097c1c7a28e3da8f2811ba532be6e81faab15aab
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3b384bd6c3f2d6d3526c77bfb264dfbaf737bc2aFixed8c9a59939deb4bfafdc451100c03d1e848b4169b
Affected versions
v5.*
v6.*
Database specific
vanir_signatures
[
{
"id": "CVE-2022-48995-2a020ea6",
"signature_type": "Line",
"digest": {
"line_hashes": [
"196191030188782960044672882505629331270",
"220083643939728393583338543817868433094",
"83998199273516397506983766641116455914",
"29012593104893694261851871688993636184",
"9600925814668193041539808383979755368",
"142311772122228041763193885472088405800",
"148444602750622731575982620346943069782"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@097c1c7a28e3da8f2811ba532be6e81faab15aab",
"target": {
"file": "drivers/input/touchscreen/raydium_i2c_ts.c"
}
},
{
"id": "CVE-2022-48995-5ffacbd5",
"signature_type": "Line",
"digest": {
"line_hashes": [
"196191030188782960044672882505629331270",
"220083643939728393583338543817868433094",
"83998199273516397506983766641116455914",
"29012593104893694261851871688993636184",
"9600925814668193041539808383979755368",
"142311772122228041763193885472088405800",
"148444602750622731575982620346943069782"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@53b9b1201e34ccc895971218559123625c56fbcd",
"target": {
"file": "drivers/input/touchscreen/raydium_i2c_ts.c"
}
},
{
"id": "CVE-2022-48995-6b5cfad8",
"signature_type": "Function",
"digest": {
"length": 806.0,
"function_hash": "6665827880936869054101273646395001278"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@097c1c7a28e3da8f2811ba532be6e81faab15aab",
"target": {
"function": "raydium_i2c_send",
"file": "drivers/input/touchscreen/raydium_i2c_ts.c"
}
},
{
"id": "CVE-2022-48995-7790019f",
"signature_type": "Line",
"digest": {
"line_hashes": [
"196191030188782960044672882505629331270",
"220083643939728393583338543817868433094",
"83998199273516397506983766641116455914",
"29012593104893694261851871688993636184",
"9600925814668193041539808383979755368",
"142311772122228041763193885472088405800",
"148444602750622731575982620346943069782"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c9a59939deb4bfafdc451100c03d1e848b4169b",
"target": {
"file": "drivers/input/touchscreen/raydium_i2c_ts.c"
}
},
{
"id": "CVE-2022-48995-c2d37325",
"signature_type": "Function",
"digest": {
"length": 806.0,
"function_hash": "6665827880936869054101273646395001278"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c9a59939deb4bfafdc451100c03d1e848b4169b",
"target": {
"function": "raydium_i2c_send",
"file": "drivers/input/touchscreen/raydium_i2c_ts.c"
}
},
{
"id": "CVE-2022-48995-fb925713",
"signature_type": "Function",
"digest": {
"length": 806.0,
"function_hash": "6665827880936869054101273646395001278"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@53b9b1201e34ccc895971218559123625c56fbcd",
"target": {
"function": "raydium_i2c_send",
"file": "drivers/input/touchscreen/raydium_i2c_ts.c"
}
}
]