CVE-2022-49032

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to an out-of-bounds read in the afe4404 [read|write] raw function. A KASAN report indicates a global-out-of-bounds read in afe4404 read raw+0x2ce/0x380. The bug is caused by accessing the afe4404 channel leds and afe4404 channel offdacs arrays with an index that is out of bounds, resulting in an out-of-bounds read. This issue can be reproduced by running the command $ cat /sys/bus/i2c/devices/0-0058/iio:device0/in intensity6 raw. The estimated number of potentially affected devices worldwide is not available.

Recommendations To resolve the issue, the access to the afe4404 channel leds and afe4404 channel offdacs arrays should be moved before they are used. As a temporary workaround, consider restricting access to the vulnerable afe4404 [read|write] raw function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.