CVE-2022-49507

CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dumpstacklvl+0xe8/0x15a lib/dumpstack.c:88 printreport.cold+0xcd/0x69b mm/kasan/report.c:313 kasan_report+0x8e/0xc0 mm/kasan/report.c:491 __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841 __devmregmapinit+0x7a/0x100 drivers/base/regmap/regmap.c:1266 _devmregmapiniti2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394 da9121i2cprobe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039 i2cdeviceprobe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563

This happend when da9121 device is probe by da9121i2cid, but with invalid dts. Thus, chip->subvariantid is set to -EINVAL, and later da9121assignchipmodel() will access 'regmap' without init it.

Fix it by return -EINVAL from da9121assignchipmodel() if 'chip->subvariantid' is invalid.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49507.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f3fbd5566f6a8cdb7c48ab29bd1096205b7fbcaf

Fixed

be96baa0c79588084e0d7a4fa21c574cec9a57f4

Fixed

7da64c7c82c9b29b628a62c88a8c2fb06990563d

Fixed

60f21eda69f1b5727a97d2077da766eb27fcc21f

Fixed

bab76514aca36bc513224525d5598da676938218

Affected versions

v5.*

v5.10

v5.10-rc3

v5.10-rc4

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.5

v5.15.6

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.10

v5.17.11

v5.17.12

v5.17.13

v5.17.2

v5.17.3

v5.17.4

v5.17.5

v5.17.6

v5.17.7

v5.17.8

v5.17.9

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49507.json"

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f21eda69f1b5727a97d2077da766eb27fcc21f",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49507-7e803e5f",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "140913568925713312745434157648582484565",
                "66869105530153617401220177190139622437",
                "111871284861921487041757793089610972212",
                "60892550607398445800053056816870079073"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/regulator/da9121-regulator.c"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bab76514aca36bc513224525d5598da676938218",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49507-b1c36f5e",
        "digest": {
            "length": 1382.0,
            "function_hash": "178393370998132346987360542962850892091"
        },
        "signature_type": "Function",
        "target": {
            "file": "drivers/regulator/da9121-regulator.c",
            "function": "da9121_assign_chip_model"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bab76514aca36bc513224525d5598da676938218",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49507-ea279565",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "140913568925713312745434157648582484565",
                "66869105530153617401220177190139622437",
                "111871284861921487041757793089610972212",
                "60892550607398445800053056816870079073"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/regulator/da9121-regulator.c"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f21eda69f1b5727a97d2077da766eb27fcc21f",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49507-ffdd147d",
        "digest": {
            "length": 1382.0,
            "function_hash": "178393370998132346987360542962850892091"
        },
        "signature_type": "Function",
        "target": {
            "file": "drivers/regulator/da9121-regulator.c",
            "function": "da9121_assign_chip_model"
        }
    }
]