CVE-2022-48716

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the functions wcd938x set swr port() and wcd938x get swr port() in the Linux kernel's sound/soc/codecs/wcd938x.c module. It involves a memory write beyond the allocated buffer, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises from the incorrect use of portid in mixer controls, where the channel id in mixer->reg is not the same as the port id, which should be derived from the chan info array. This can lead to corruption of the struct wcd938x sdw priv by accessing the port map array out of range with the channel id instead of the port id.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.