PT-2025-8484 · Linux+2 · Linux Kernel+2
Published: 2025-02-26 · Updated: 2025-04-14
CVE-2022-49551
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved, specifically in the isp1760 driver. The issue arises from an out-of-bounds array access, which occurs because the loop reading regmap fields for different ISP1760 variants expects arrays to be at least HC_FIELD_MAX - 1 long. However, the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[], isp1763_hc_volatile_ranges[], and isp1763_dc_volatile_ranges[] are dynamically sized during compilation. This vulnerability can be exploited, potentially allowing unauthorized access or data corruption.
Recommendations
To resolve this issue, apply the fix, which adds an empty assignment to the [HC_FIELD_MAX] and [DC_FIELD_MAX] array members at the end of each array, making each array one member longer than it needs to be. This avoids the risk of overwriting whatever is inside [HC_FIELD_MAX - 1] and is simple and intuitive to read. The fix also adds comments explaining what is going on.
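The sizing problem and the fix described above, as an added C example that is not the driver's code: the enum, struct, table contents and helper names are constructed stand-ins, and the code only counts entries rather than performing the out-of-bounds read.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins; not the isp1760 driver's real field list. */
enum demo_field { F_CMD, F_STATUS, F_INTR, F_PORT, DEMO_FIELD_MAX };
struct demo_reg_field { unsigned reg, lsb, msb; };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Before: this variant has no F_PORT entry, so the compiler sizes the
 * array from the highest designated index (F_INTR): 3 entries. */
const struct demo_reg_field variant_before[] = {
    [F_CMD]    = { 0x00, 0, 0 },
    [F_STATUS] = { 0x04, 0, 7 },
    [F_INTR]   = { 0x08, 0, 0 },
};

/* After: an empty assignment at [DEMO_FIELD_MAX] forces the array to
 * cover every index below the loop bound (one entry more than needed). */
const struct demo_reg_field variant_after[] = {
    [F_CMD]    = { 0x00, 0, 0 },
    [F_STATUS] = { 0x04, 0, 7 },
    [F_INTR]   = { 0x08, 0, 0 },
    [DEMO_FIELD_MAX] = { 0 },
};

/* The fixed table can be checked at build time; the same assertion on
 * variant_before would fail to compile. */
_Static_assert(COUNT(variant_after) > DEMO_FIELD_MAX, "table too short");

/* Number of iterations of `for (i = 0; i < DEMO_FIELD_MAX; i++)` that
 * would index past a table holding `count` entries. */
static size_t oob_iterations(size_t count)
{
    return count >= (size_t)DEMO_FIELD_MAX ? 0 : (size_t)DEMO_FIELD_MAX - count;
}

size_t before_count(void) { return COUNT(variant_before); }
size_t after_count(void)  { return COUNT(variant_after); }
size_t before_oob(void)   { return oob_iterations(before_count()); }
size_t after_oob(void)    { return oob_iterations(after_count()); }

int main(void)
{
    printf("before: %zu entries, %zu OOB reads\n", before_count(), before_oob());
    printf("after:  %zu entries, %zu OOB reads\n", after_count(), after_oob());
    return 0;
}
```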
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse