CVE-2022-48716

ASoC: codecs: wcd938x: fix incorrect used of portid

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd938x: fix incorrect used of portid

Mixer controls have the channel id in mixer->reg, which is not same
as port id. port id should be derived from chan_info array.
So fix this. Without this, its possible that we could corrupt
struct wcd938x_sdw_priv by accessing port_map array out of range
with channel id instead of port id.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: códecs: wcd938x: corrige el uso incorrecto del puerto Los controles del mezclador tienen la identificación del canal en mezclador->reg, que no es la misma que la identificación del puerto. La identificación del puerto debe derivarse de la matriz chan_info. Entonces arregla esto. Sin esto, es posible que podamos dañar la estructura wcd938x_sdw_priv accediendo a la matriz port_map fuera del rango con la identificación del canal en lugar de la identificación del puerto.

*Credits: N/A

CVSS Scores

CISAv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-06-21 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/e8ba1e05bdc016700c85fad559a812c2e795442f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/aa7152f9f117b3e66b3c0d4158ca4c6d46ab229f	2022-02-08
https://git.kernel.org/stable/c/9167f2712dc8c24964840a4d1e2ebf130e846b95	2022-02-08
https://git.kernel.org/stable/c/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7	2022-01-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.16.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.16.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.17"		en		Affected