DEBIAN-CVE-2022-48803

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2022-48803
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-48803.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-48803
Upstream
Published
2024-07-16T12:15:04Z
Modified
2025-09-30T05:15:49.668334Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clkdivtable gettablemaxdiv() tries to access "clkdivtable" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN. [ 9.552392] BUG: KASAN: global-out-of-bounds in _getmaxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT) [ 9.581832] Workqueue: eventsunbound deferredprobeworkfunc [ 9.587708] Call trace: [ 9.590174] dumpbacktrace+0x20c/0x218 [ 9.594038] showstack+0x18/0x68 [ 9.597375] dumpstacklvl+0x9c/0xd8 [ 9.601062] printaddressdescription.constprop.0+0x78/0x334 [ 9.606830] kasanreport+0x1f0/0x260 [ 9.610517] _asanload4+0x9c/0xd8 [ 9.614030] _getmaxdiv+0xc0/0x148 [ 9.617540] dividerdeterminerate+0x88/0x488 [ 9.622005] dividerroundrateparent+0xc8/0x124 [ 9.626729] wizclkdivroundrate+0x54/0x68 [ 9.631113] clkcoredetermineroundnolock+0x124/0x158 [ 9.636448] clkcoreroundratenolock+0x68/0x138 [ 9.641260] clkcoresetratenolock+0x268/0x3a8 [ 9.645987] clksetrate+0x50/0xa8 [ 9.649499] cdnssierraphyinit+0x88/0x248 [ 9.653794] phyinit+0x98/0x108 [ 9.657046] cdnspcieenablephy+0xa0/0x170 [ 9.661340] cdnspcieinitphy+0x250/0x2b0 [ 9.665546] j721epcieprobe+0x4b8/0x798 [ 9.669579] platformprobe+0x8c/0x108 [ 9.673350] reallyprobe+0x114/0x630 [ 9.677037] _driverprobedevice+0x18c/0x220 [ 9.681505] driverprobedevice+0xac/0x150 [ 9.685712] _deviceattachdriver+0xec/0x170 [ 9.690178] busforeachdrv+0xf0/0x158 [ 9.694124] _deviceattach+0x184/0x210 [ 9.698070] deviceinitialprobe+0x14/0x20 [ 9.702277] busprobedevice+0xec/0x100 [ 9.706223] deferredprobeworkfunc+0x124/0x180 [ 9.710951] processonework+0x4b0/0xbc0 [ 9.714983] workerthread+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] retfromfork+0x10/0x20 [ 9.725520] [ 9.727032] The buggy address belongs to the variable: [ 9.732183] clkdivtable+0x24/0x440

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.103-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}