Vulnerabilities > CVE-2022-49032 - Out-of-bounds Read vulnerability in Linux Kernel
Summary
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw The array size of afe4404_channel_leds and afe4404_channel_offdacs are less than channels, so access with chan->address cause OOB read in afe4404_[read|write]_raw. Fix it by moving access before use them.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
References
- https://git.kernel.org/stable/c/68de7da092f38395dde523f2e5db26eba6c23e28
- https://git.kernel.org/stable/c/113c08030a89aaf406f8a1d4549d758a67c2afba
- https://git.kernel.org/stable/c/f5575041ec15310bdc50c42b8b22118cc900226e
- https://git.kernel.org/stable/c/3f566b626029ca8598d48e5074e56bb37399ca1b
- https://git.kernel.org/stable/c/5eb114f55b37dbc0487aa9c1913b81bb7837f1c4
- https://git.kernel.org/stable/c/f7419fc42afc035f6b29ce713e17dcd2000c833f
- https://git.kernel.org/stable/c/d45d9f45e7b1365fd0d9bf14680d6d5082a590d1
- https://git.kernel.org/stable/c/fc92d9e3de0b2d30a3ccc08048a5fad533e4672b