CVE-2022-48927

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to memory corruption by preventing array overflow in the tsc2046 component of the Linux kernel. It occurs because indio dev->num channels includes all physical channels plus the timestamp channel, while an array is allocated only for physical channels. The fix involves using ARRAY SIZE() instead of the num channels variable to prevent memory corruption. The software timestamp channel bit in active scanmask is never set by the IIO core, making the first case a cleanup rather than a fix. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.