CVE-2022-49518

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, specifically in the ASoC: SOF: ipc3-topology component. The issue arises when the sof get control data() function is called with a non-bytes payload, leading to out-of-bounds access. This occurs because the function expects only bytes-type payloads, despite handling other control types. The payload parsing implementation is only valid for bytes, causing confusion. The vulnerability can be exploited by crafting a topology that triggers this out-of-bounds access.

Recommendations To resolve this issue, the code needs to be updated to correctly handle non-bytes controls by counting them and storing the pointer to the data itself, along with its size. For non-bytes controls, the pointer to the chanv should be stored, which is an array of values at the end. Additionally, the incorrect check against NULL for cdata->data (wdata[i].pdata) should be dropped for bytes controls, as the data points to the end of the cdata struct and should never be null. At the moment, there is no information about a newer version that contains a fix for this vulnerability.