CVE-2022-48889

ASoC: Intel: sof-nau8825: fix module alias overflow

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: sof-nau8825: fix module alias overflow

The maximum name length for a platform_device_id entry is 20 characters
including the trailing NUL byte. The sof_nau8825.c file exceeds that,
which causes an obscure error message:

sound/soc/intel/boards/snd-soc-sof_nau8825.mod.c:35:45: error: illegal character encoding in string literal [-Werror,-Winvalid-source-encoding]
MODULE_ALIAS("platform:adl_max98373_nau8825<U+0018><AA>");
^~~~
include/linux/module.h:168:49: note: expanded from macro 'MODULE_ALIAS'
^~~~~~
include/linux/module.h:165:56: note: expanded from macro 'MODULE_INFO'
^~~~
include/linux/moduleparam.h:26:47: note: expanded from macro '__MODULE_INFO'
= __MODULE_INFO_PREFIX __stringify(tag) "=" info

I could not figure out how to make the module handling robust enough
to handle this better, but as a quick fix, using slightly shorter
names that are still unique avoids the build issue.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-21 CVE Reserved
2024-08-21 CVE Published
2024-08-22 EPSS Updated
2024-09-12 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/8d0872f6239f9d067d538d8368bdec643bb0d255	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fba1b23befd88366fe646787b3797e64d7338fd2	2023-01-18
https://git.kernel.org/stable/c/3e78986a840d59dd27e636eae3f52dc11125c835	2022-12-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.1.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.2"		en		Affected