DEBIAN-CVE-2022-49032

DEBIAN-CVE-2022-49032 PUBLISHED CVSS 7.099999904632568 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat /sys/bus/i2c/devices/0-0058/iio\:device0/in_intensity6_raw The array size of afe4404_channel_leds and afe4404_channel_offdacs are less than channels, so access with chan->address cause OOB read in afe4404_[read|write]_raw. Fix it by moving access before use them.

Risk Scores

CVSS 3.1

7.099999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0, 0
Debian:11	linux	5.10.149-1, 5.10.84-1, 5.10.92-1
Debian:14	linux	0, 0, 0
Debian:12	linux	0, 0, 0

Timeline

Oct 21, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-49032 advisory

Open in Interactive Console →