CVE-2022-49507
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49507
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49507.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49507
- Downstream
- Related
- Published
- 2025-02-26T02:13:38Z
- Modified
- 2025-10-21T10:34:47.280899Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
regulator: da9121: Fix uninit-value in da9121assignchip_model()
KASAN report slab-out-of-bounds in _regmapinit as follows:
BUG: KASAN: slab-out-of-bounds in _regmapinit drivers/base/regmap/regmap.c:841 Read of size 1 at addr ffff88803678cdf1 by task xrun/9137
CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dumpstacklvl+0xe8/0x15a lib/dumpstack.c:88 printreport.cold+0xcd/0x69b mm/kasan/report.c:313 kasanreport+0x8e/0xc0 mm/kasan/report.c:491 _regmapinit+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841 _devmregmapinit+0x7a/0x100 drivers/base/regmap/regmap.c:1266 _devmregmapiniti2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394 da9121i2cprobe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039 i2cdeviceprobe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563
This happend when da9121 device is probe by da9121i2cid, but with invalid dts. Thus, chip->subvariantid is set to -EINVAL, and later da9121assignchipmodel() will access 'regmap' without init it.
Fix it by return -EINVAL from da9121assignchipmodel() if 'chip->subvariantid' is invalid.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/60f21eda69f1b5727a97d2077da766eb27fcc21f
- https://git.kernel.org/stable/c/7da64c7c82c9b29b628a62c88a8c2fb06990563d
- https://git.kernel.org/stable/c/bab76514aca36bc513224525d5598da676938218
- https://git.kernel.org/stable/c/be96baa0c79588084e0d7a4fa21c574cec9a57f4
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixedbe96baa0c79588084e0d7a4fa21c574cec9a57f4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixed7da64c7c82c9b29b628a62c88a8c2fb06990563d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixed60f21eda69f1b5727a97d2077da766eb27fcc21f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixedbab76514aca36bc513224525d5598da676938218
Affected versions
v5.*
v5.10
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f21eda69f1b5727a97d2077da766eb27fcc21f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-7e803e5f",
"target": {
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"140913568925713312745434157648582484565",
"66869105530153617401220177190139622437",
"111871284861921487041757793089610972212",
"60892550607398445800053056816870079073"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be96baa0c79588084e0d7a4fa21c574cec9a57f4",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-9a48e75c",
"target": {
"function": "da9121_assign_chip_model",
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"length": 1152.0,
"function_hash": "41253869229271123860583208683648818608"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bab76514aca36bc513224525d5598da676938218",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-b1c36f5e",
"target": {
"function": "da9121_assign_chip_model",
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"length": 1382.0,
"function_hash": "178393370998132346987360542962850892091"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7da64c7c82c9b29b628a62c88a8c2fb06990563d",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-b862e14c",
"target": {
"function": "da9121_assign_chip_model",
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"length": 1382.0,
"function_hash": "178393370998132346987360542962850892091"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7da64c7c82c9b29b628a62c88a8c2fb06990563d",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-c334e29d",
"target": {
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"140913568925713312745434157648582484565",
"66869105530153617401220177190139622437",
"111871284861921487041757793089610972212",
"60892550607398445800053056816870079073"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be96baa0c79588084e0d7a4fa21c574cec9a57f4",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-d952af67",
"target": {
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"255771111953563161286902354415948962589",
"33693845859057797861689850284279360793",
"111871284861921487041757793089610972212",
"60892550607398445800053056816870079073"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bab76514aca36bc513224525d5598da676938218",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-ea279565",
"target": {
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"140913568925713312745434157648582484565",
"66869105530153617401220177190139622437",
"111871284861921487041757793089610972212",
"60892550607398445800053056816870079073"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f21eda69f1b5727a97d2077da766eb27fcc21f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2022-49507-ffdd147d",
"target": {
"function": "da9121_assign_chip_model",
"file": "drivers/regulator/da9121-regulator.c"
},
"digest": {
"length": 1382.0,
"function_hash": "178393370998132346987360542962850892091"
},
"signature_type": "Function"
}
]