CVE-2022-49507
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49507
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49507.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49507
- Downstream
- Related
- Published
- 2025-02-26T02:13:38.821Z
- Modified
- 2025-11-19T15:31:53.231064Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
regulator: da9121: Fix uninit-value in da9121assignchip_model()
KASAN report slab-out-of-bounds in _regmapinit as follows:
BUG: KASAN: slab-out-of-bounds in _regmapinit drivers/base/regmap/regmap.c:841 Read of size 1 at addr ffff88803678cdf1 by task xrun/9137
CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dumpstacklvl+0xe8/0x15a lib/dumpstack.c:88 printreport.cold+0xcd/0x69b mm/kasan/report.c:313 kasanreport+0x8e/0xc0 mm/kasan/report.c:491 _regmapinit+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841 _devmregmapinit+0x7a/0x100 drivers/base/regmap/regmap.c:1266 _devmregmapiniti2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394 da9121i2cprobe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039 i2cdeviceprobe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563
This happend when da9121 device is probe by da9121i2cid, but with invalid dts. Thus, chip->subvariantid is set to -EINVAL, and later da9121assignchipmodel() will access 'regmap' without init it.
Fix it by return -EINVAL from da9121assignchipmodel() if 'chip->subvariantid' is invalid.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/60f21eda69f1b5727a97d2077da766eb27fcc21f
- https://git.kernel.org/stable/c/7da64c7c82c9b29b628a62c88a8c2fb06990563d
- https://git.kernel.org/stable/c/bab76514aca36bc513224525d5598da676938218
- https://git.kernel.org/stable/c/be96baa0c79588084e0d7a4fa21c574cec9a57f4
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixedbe96baa0c79588084e0d7a4fa21c574cec9a57f4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixed7da64c7c82c9b29b628a62c88a8c2fb06990563d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixed60f21eda69f1b5727a97d2077da766eb27fcc21f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf3fbd5566f6a8cdb7c48ab29bd1096205b7fbcafFixedbab76514aca36bc513224525d5598da676938218
Affected versions
v5.*
Database specific
vanir_signatures
[
{
"target": {
"file": "drivers/regulator/da9121-regulator.c",
"function": "da9121_assign_chip_model"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be96baa0c79588084e0d7a4fa21c574cec9a57f4",
"digest": {
"function_hash": "41253869229271123860583208683648818608",
"length": 1152.0
},
"id": "CVE-2022-49507-9a48e75c",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "drivers/regulator/da9121-regulator.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be96baa0c79588084e0d7a4fa21c574cec9a57f4",
"digest": {
"line_hashes": [
"255771111953563161286902354415948962589",
"33693845859057797861689850284279360793",
"111871284861921487041757793089610972212",
"60892550607398445800053056816870079073"
],
"threshold": 0.9
},
"id": "CVE-2022-49507-d952af67",
"deprecated": false,
"signature_type": "Line"
}
]