In the Linux kernel, the following vulnerability has been resolved:
Input: iforce - invert valid length check when fetching device IDs
syzbot is reporting an uninitialized value in iforce_init_device() [1], because commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") checks that the valid length is shorter than the number of bytes to read. Since iforce_get_id_packet() stores the valid length when returning 0, the caller needs to check that the valid length is greater than or equal to the number of bytes to read. With the inverted check, a reply that is too short is accepted, and the caller reads buffer bytes that the packet never filled.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdd57c20d4408cac3c3c535c120d244e083406c9", "signature_type": "Function", "target": { "function": "iforce_init_device", "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "length": 3793.0, "function_hash": "34332498985629464001300027896163154367" }, "id": "CVE-2022-49790-0c7f9179" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3", "signature_type": "Function", "target": { "function": "iforce_init_device", "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "length": 3793.0, "function_hash": "34332498985629464001300027896163154367" }, "id": "CVE-2022-49790-15aa3c66" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6365569d62a75ddf53fb0c2936c16587a365984c", "signature_type": "Function", "target": { "function": "iforce_init_device", "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "length": 3793.0, "function_hash": "34332498985629464001300027896163154367" }, "id": "CVE-2022-49790-401436e1" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3", "signature_type": "Line", "target": { "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "line_hashes": [ "147910347402325900942346845961306955619", "78960237405892787156782433223276319416", "322946916633436844345704193323868419030", "306590916004253530584322772726533601535", "235944852068888922794965410777704984822", "114709397777057879022534074770198959381", "203743944015879024241226630512220243003", "322410120558699587657302404173717733464", "211069277592866694730199558939899671367", 
"25249800881261327134760116369345453453", "313957186924149261169043038417091421379", "292242456734413787933253199987393825447", "329148226909264402392306849312009446375", "5559333219443040396059454765618007262", "115731640518356869295144472528439585867", "98791399951335951706018999006530814600" ], "threshold": 0.9 }, "id": "CVE-2022-49790-434ecc96" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b8ebf250997c5fb253582f42bfe98673801ebebd", "signature_type": "Function", "target": { "function": "iforce_init_device", "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "length": 3793.0, "function_hash": "34332498985629464001300027896163154367" }, "id": "CVE-2022-49790-91e4e794" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6365569d62a75ddf53fb0c2936c16587a365984c", "signature_type": "Line", "target": { "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "line_hashes": [ "147910347402325900942346845961306955619", "78960237405892787156782433223276319416", "322946916633436844345704193323868419030", "306590916004253530584322772726533601535", "235944852068888922794965410777704984822", "114709397777057879022534074770198959381", "203743944015879024241226630512220243003", "322410120558699587657302404173717733464", "211069277592866694730199558939899671367", "25249800881261327134760116369345453453", "313957186924149261169043038417091421379", "292242456734413787933253199987393825447", "329148226909264402392306849312009446375", "5559333219443040396059454765618007262", "115731640518356869295144472528439585867", "98791399951335951706018999006530814600" ], "threshold": 0.9 }, "id": "CVE-2022-49790-a4bb41fb" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdd57c20d4408cac3c3c535c120d244e083406c9", "signature_type": "Line", "target": 
{ "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "line_hashes": [ "147910347402325900942346845961306955619", "78960237405892787156782433223276319416", "322946916633436844345704193323868419030", "306590916004253530584322772726533601535", "235944852068888922794965410777704984822", "114709397777057879022534074770198959381", "203743944015879024241226630512220243003", "322410120558699587657302404173717733464", "211069277592866694730199558939899671367", "25249800881261327134760116369345453453", "313957186924149261169043038417091421379", "292242456734413787933253199987393825447", "329148226909264402392306849312009446375", "5559333219443040396059454765618007262", "115731640518356869295144472528439585867", "98791399951335951706018999006530814600" ], "threshold": 0.9 }, "id": "CVE-2022-49790-caaa44be" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b8ebf250997c5fb253582f42bfe98673801ebebd", "signature_type": "Line", "target": { "file": "drivers/input/joystick/iforce/iforce-main.c" }, "deprecated": false, "digest": { "line_hashes": [ "147910347402325900942346845961306955619", "78960237405892787156782433223276319416", "322946916633436844345704193323868419030", "306590916004253530584322772726533601535", "235944852068888922794965410777704984822", "114709397777057879022534074770198959381", "203743944015879024241226630512220243003", "322410120558699587657302404173717733464", "211069277592866694730199558939899671367", "25249800881261327134760116369345453453", "313957186924149261169043038417091421379", "292242456734413787933253199987393825447", "329148226909264402392306849312009446375", "5559333219443040396059454765618007262", "115731640518356869295144472528439585867", "98791399951335951706018999006530814600" ], "threshold": 0.9 }, "id": "CVE-2022-49790-ea4c0d15" } ] }