cve-2022-48803
Vulnerability from cvelistv5
Published
2024-07-16 11:43
Modified
2024-11-04 12:16
Severity ?
EPSS score ?
Summary
phy: ti: Fix missing sentinel for clk_div_table
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:58:57.262200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:14.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-j721e-wiz.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c75d1017cb3",
"status": "affected",
"version": "091876cc355d",
"versionType": "git"
},
{
"lessThan": "7a360e546ad9",
"status": "affected",
"version": "091876cc355d",
"versionType": "git"
},
{
"lessThan": "5b0c9569135a",
"status": "affected",
"version": "091876cc355d",
"versionType": "git"
},
{
"lessThan": "6d1e6bcb3166",
"status": "affected",
"version": "091876cc355d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-j721e-wiz.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: Fix missing sentinel for clk_div_table\n\n_get_table_maxdiv() tries to access \"clk_div_table\" array out of bound\ndefined in phy-j721e-wiz.c. Add a sentinel entry to prevent\nthe following global-out-of-bounds error reported by enabling KASAN.\n\n[ 9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148\n[ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38\n[ 9.565926]\n[ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360\n[ 9.576242] Hardware name: Texas Instruments J721e EVM (DT)\n[ 9.581832] Workqueue: events_unbound deferred_probe_work_func\n[ 9.587708] Call trace:\n[ 9.590174] dump_backtrace+0x20c/0x218\n[ 9.594038] show_stack+0x18/0x68\n[ 9.597375] dump_stack_lvl+0x9c/0xd8\n[ 9.601062] print_address_description.constprop.0+0x78/0x334\n[ 9.606830] kasan_report+0x1f0/0x260\n[ 9.610517] __asan_load4+0x9c/0xd8\n[ 9.614030] _get_maxdiv+0xc0/0x148\n[ 9.617540] divider_determine_rate+0x88/0x488\n[ 9.622005] divider_round_rate_parent+0xc8/0x124\n[ 9.626729] wiz_clk_div_round_rate+0x54/0x68\n[ 9.631113] clk_core_determine_round_nolock+0x124/0x158\n[ 9.636448] clk_core_round_rate_nolock+0x68/0x138\n[ 9.641260] clk_core_set_rate_nolock+0x268/0x3a8\n[ 9.645987] clk_set_rate+0x50/0xa8\n[ 9.649499] cdns_sierra_phy_init+0x88/0x248\n[ 9.653794] phy_init+0x98/0x108\n[ 9.657046] cdns_pcie_enable_phy+0xa0/0x170\n[ 9.661340] cdns_pcie_init_phy+0x250/0x2b0\n[ 9.665546] j721e_pcie_probe+0x4b8/0x798\n[ 9.669579] platform_probe+0x8c/0x108\n[ 9.673350] really_probe+0x114/0x630\n[ 9.677037] __driver_probe_device+0x18c/0x220\n[ 9.681505] driver_probe_device+0xac/0x150\n[ 9.685712] __device_attach_driver+0xec/0x170\n[ 9.690178] bus_for_each_drv+0xf0/0x158\n[ 9.694124] __device_attach+0x184/0x210\n[ 9.698070] device_initial_probe+0x14/0x20\n[ 9.702277] bus_probe_device+0xec/0x100\n[ 9.706223] deferred_probe_work_func+0x124/0x180\n[ 9.710951] process_one_work+0x4b0/0xbc0\n[ 9.714983] worker_thread+0x74/0x5d0\n[ 9.718668] kthread+0x214/0x230\n[ 9.721919] ret_from_fork+0x10/0x20\n[ 9.725520]\n[ 9.727032] The buggy address belongs to the variable:\n[ 9.732183] clk_div_table+0x24/0x440"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T12:16:52.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f"
},
{
"url": "https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54"
},
{
"url": "https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed"
},
{
"url": "https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69"
}
],
"title": "phy: ti: Fix missing sentinel for clk_div_table",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48803",
"datePublished": "2024-07-16T11:43:55.616Z",
"dateReserved": "2024-07-16T11:38:08.896Z",
"dateUpdated": "2024-11-04T12:16:52.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48803\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-16T12:15:04.760\",\"lastModified\":\"2024-11-21T07:34:07.110\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nphy: ti: Fix missing sentinel for clk_div_table\\n\\n_get_table_maxdiv() tries to access \\\"clk_div_table\\\" array out of bound\\ndefined in phy-j721e-wiz.c. Add a sentinel entry to prevent\\nthe following global-out-of-bounds error reported by enabling KASAN.\\n\\n[ 9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148\\n[ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38\\n[ 9.565926]\\n[ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360\\n[ 9.576242] Hardware name: Texas Instruments J721e EVM (DT)\\n[ 9.581832] Workqueue: events_unbound deferred_probe_work_func\\n[ 9.587708] Call trace:\\n[ 9.590174] dump_backtrace+0x20c/0x218\\n[ 9.594038] show_stack+0x18/0x68\\n[ 9.597375] dump_stack_lvl+0x9c/0xd8\\n[ 9.601062] print_address_description.constprop.0+0x78/0x334\\n[ 9.606830] kasan_report+0x1f0/0x260\\n[ 9.610517] __asan_load4+0x9c/0xd8\\n[ 9.614030] _get_maxdiv+0xc0/0x148\\n[ 9.617540] divider_determine_rate+0x88/0x488\\n[ 9.622005] divider_round_rate_parent+0xc8/0x124\\n[ 9.626729] wiz_clk_div_round_rate+0x54/0x68\\n[ 9.631113] clk_core_determine_round_nolock+0x124/0x158\\n[ 9.636448] clk_core_round_rate_nolock+0x68/0x138\\n[ 9.641260] clk_core_set_rate_nolock+0x268/0x3a8\\n[ 9.645987] clk_set_rate+0x50/0xa8\\n[ 9.649499] cdns_sierra_phy_init+0x88/0x248\\n[ 9.653794] phy_init+0x98/0x108\\n[ 9.657046] cdns_pcie_enable_phy+0xa0/0x170\\n[ 9.661340] cdns_pcie_init_phy+0x250/0x2b0\\n[ 9.665546] j721e_pcie_probe+0x4b8/0x798\\n[ 9.669579] platform_probe+0x8c/0x108\\n[ 9.673350] really_probe+0x114/0x630\\n[ 9.677037] __driver_probe_device+0x18c/0x220\\n[ 9.681505] driver_probe_device+0xac/0x150\\n[ 9.685712] __device_attach_driver+0xec/0x170\\n[ 9.690178] bus_for_each_drv+0xf0/0x158\\n[ 9.694124] __device_attach+0x184/0x210\\n[ 9.698070] device_initial_probe+0x14/0x20\\n[ 9.702277] bus_probe_device+0xec/0x100\\n[ 9.706223] deferred_probe_work_func+0x124/0x180\\n[ 9.710951] process_one_work+0x4b0/0xbc0\\n[ 9.714983] worker_thread+0x74/0x5d0\\n[ 9.718668] kthread+0x214/0x230\\n[ 9.721919] ret_from_fork+0x10/0x20\\n[ 9.725520]\\n[ 9.727032] The buggy address belongs to the variable:\\n[ 9.732183] clk_div_table+0x24/0x440\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: phy: ti: corrige el centinela faltante para clk_div_table _get_table_maxdiv() intenta acceder a la matriz \\\"clk_div_table\\\" fuera del l\u00edmite definido en phy-j721e-wiz.c. Agregue una entrada centinela para evitar el siguiente error global fuera de los l\u00edmites informado al habilitar KASAN. [9.552392] ERROR: KASAN: global fuera de los l\u00edmites en _get_maxdiv+0xc0/0x148 [9.558948] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff8000095b25a4 por tarea kworker/u4:1/38 [9.565926] [9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 No contaminado 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Nombre de hardware: Texas Instruments J721e EVM (DT) [ 9.581832] Cola de trabajo: events_unbound deferred_probe_work_func [ 9.587708] Seguimiento de llamadas: [ 9.590174] dump_backtrace+0x20c/0x218 [ 9.594038] show_stack+0x18/0x68 [ 9.597375] dump_stack_lvl+0x9c/0xd8 [ 9.601062] print_address_description.constprop.0+0x78/0x334 [ 9.606830] 0x1f0/0x260 [9.610517] __asan_load4+0x9c/0xd8 [ 9.614030] _get_maxdiv+0xc0/0x148 [ 9.617540] divider_determinate_rate+0x88/0x488 [ 9.622005] divider_round_rate_parent+0xc8/0x124 [ 9.626729] wiz_clk_div_round_rate+0x54/0x68 [ 9.6 31113] clk_core_determine_round_nolock+0x124/0x158 [ 9.636448] clk_core_round_rate_nolock+0x68/0x138 [ 9.641260] clk_core_set_rate_nolock+0x268/0x3a8 [ 9.645987] clk_set_rate+0x50/0xa8 [ 9.649499] cdns_sierra_phy_init+0x88/0x248 [ 9.653794] phy_init+0x98/0x108 [ 9.657046] cdns_pcie_enable_phy+0xa0/0x170 [ 9.661340] cdns_pcie_init_phy+0x250/0x2b0 [ 9.665546] j721e_pcie_probe+ 0x4b8/0x798 [ 9.669579] platform_probe+0x8c/0x108 [ 9.673350] very_probe+0x114/0x630 [ 9.677037] __driver_probe_device+0x18c/0x220 [ 9.681505] driver_probe_device+0xac/0x 150 [9.685712] __device_attach_driver+0xec/0x170 [9.690178] bus_for_each_drv+0xf0/ 0x158 [ 9.694124] __device_attach+0x184/0x210 [ 9.698070] device_initial_probe+0x14/0x20 [ 9.702277] bus_probe_device+0xec/0x100 [ 9.706223] deferred_probe_work_func+0x124/0x1 80 [ 9.710951] proceso_un_trabajo+0x4b0/0xbc0 [ 9.714983] hilo_trabajador+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] ret_from_fork+0x10/0x20 [ 9.725520] [ 9.727032] La direcci\u00f3n del error pertenece a la variable: [ 9.732183] clk_div_table+0x24/0x440\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.