ghsa-8m68-8j9r-mr7v
Vulnerability from github
Published
2024-07-16 12:30
Modified
2024-07-16 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

phy: ti: Fix missing sentinel for clk_div_table

_get_table_maxdiv() tries to access "clk_div_table" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN.

[ 9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360 [ 9.576242] Hardware name: Texas Instruments J721e EVM (DT) [ 9.581832] Workqueue: events_unbound deferred_probe_work_func [ 9.587708] Call trace: [ 9.590174] dump_backtrace+0x20c/0x218 [ 9.594038] show_stack+0x18/0x68 [ 9.597375] dump_stack_lvl+0x9c/0xd8 [ 9.601062] print_address_description.constprop.0+0x78/0x334 [ 9.606830] kasan_report+0x1f0/0x260 [ 9.610517] __asan_load4+0x9c/0xd8 [ 9.614030] _get_maxdiv+0xc0/0x148 [ 9.617540] divider_determine_rate+0x88/0x488 [ 9.622005] divider_round_rate_parent+0xc8/0x124 [ 9.626729] wiz_clk_div_round_rate+0x54/0x68 [ 9.631113] clk_core_determine_round_nolock+0x124/0x158 [ 9.636448] clk_core_round_rate_nolock+0x68/0x138 [ 9.641260] clk_core_set_rate_nolock+0x268/0x3a8 [ 9.645987] clk_set_rate+0x50/0xa8 [ 9.649499] cdns_sierra_phy_init+0x88/0x248 [ 9.653794] phy_init+0x98/0x108 [ 9.657046] cdns_pcie_enable_phy+0xa0/0x170 [ 9.661340] cdns_pcie_init_phy+0x250/0x2b0 [ 9.665546] j721e_pcie_probe+0x4b8/0x798 [ 9.669579] platform_probe+0x8c/0x108 [ 9.673350] really_probe+0x114/0x630 [ 9.677037] __driver_probe_device+0x18c/0x220 [ 9.681505] driver_probe_device+0xac/0x150 [ 9.685712] __device_attach_driver+0xec/0x170 [ 9.690178] bus_for_each_drv+0xf0/0x158 [ 9.694124] __device_attach+0x184/0x210 [ 9.698070] device_initial_probe+0x14/0x20 [ 9.702277] bus_probe_device+0xec/0x100 [ 9.706223] deferred_probe_work_func+0x124/0x180 [ 9.710951] process_one_work+0x4b0/0xbc0 [ 9.714983] worker_thread+0x74/0x5d0 [ 9.718668] kthread+0x214/0x230 [ 9.721919] ret_from_fork+0x10/0x20 [ 9.725520] [ 9.727032] The buggy address belongs to the variable: [ 9.732183] clk_div_table+0x24/0x440

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2022-48803"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-16T12:15:04Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: Fix missing sentinel for clk_div_table\n\n_get_table_maxdiv() tries to access \"clk_div_table\" array out of bound\ndefined in phy-j721e-wiz.c. Add a sentinel entry to prevent\nthe following global-out-of-bounds error reported by enabling KASAN.\n\n[    9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148\n[    9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38\n[    9.565926]\n[    9.567441] CPU: 1 PID: 38 Comm: kworker/u4:1 Not tainted 5.16.0-116492-gdaadb3bd0e8d-dirty #360\n[    9.576242] Hardware name: Texas Instruments J721e EVM (DT)\n[    9.581832] Workqueue: events_unbound deferred_probe_work_func\n[    9.587708] Call trace:\n[    9.590174]  dump_backtrace+0x20c/0x218\n[    9.594038]  show_stack+0x18/0x68\n[    9.597375]  dump_stack_lvl+0x9c/0xd8\n[    9.601062]  print_address_description.constprop.0+0x78/0x334\n[    9.606830]  kasan_report+0x1f0/0x260\n[    9.610517]  __asan_load4+0x9c/0xd8\n[    9.614030]  _get_maxdiv+0xc0/0x148\n[    9.617540]  divider_determine_rate+0x88/0x488\n[    9.622005]  divider_round_rate_parent+0xc8/0x124\n[    9.626729]  wiz_clk_div_round_rate+0x54/0x68\n[    9.631113]  clk_core_determine_round_nolock+0x124/0x158\n[    9.636448]  clk_core_round_rate_nolock+0x68/0x138\n[    9.641260]  clk_core_set_rate_nolock+0x268/0x3a8\n[    9.645987]  clk_set_rate+0x50/0xa8\n[    9.649499]  cdns_sierra_phy_init+0x88/0x248\n[    9.653794]  phy_init+0x98/0x108\n[    9.657046]  cdns_pcie_enable_phy+0xa0/0x170\n[    9.661340]  cdns_pcie_init_phy+0x250/0x2b0\n[    9.665546]  j721e_pcie_probe+0x4b8/0x798\n[    9.669579]  platform_probe+0x8c/0x108\n[    9.673350]  really_probe+0x114/0x630\n[    9.677037]  __driver_probe_device+0x18c/0x220\n[    9.681505]  driver_probe_device+0xac/0x150\n[    9.685712]  __device_attach_driver+0xec/0x170\n[    9.690178]  bus_for_each_drv+0xf0/0x158\n[    9.694124]  __device_attach+0x184/0x210\n[    9.698070]  device_initial_probe+0x14/0x20\n[    9.702277]  bus_probe_device+0xec/0x100\n[    9.706223]  deferred_probe_work_func+0x124/0x180\n[    9.710951]  process_one_work+0x4b0/0xbc0\n[    9.714983]  worker_thread+0x74/0x5d0\n[    9.718668]  kthread+0x214/0x230\n[    9.721919]  ret_from_fork+0x10/0x20\n[    9.725520]\n[    9.727032] The buggy address belongs to the variable:\n[    9.732183]  clk_div_table+0x24/0x440",
  "id": "GHSA-8m68-8j9r-mr7v",
  "modified": "2024-07-16T12:30:40Z",
  "published": "2024-07-16T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48803"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c75d1017cb362b6a4e0935746ef5da28250919f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b0c9569135a37348c1267c81e8b0274b21a86ed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d1e6bcb31663ee83aaea1f171f3dbfe95dd4a69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a360e546ad9e7c3fd53d6bb60348c660cd28f54"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.