CVE-2022-48716

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd938x: fix incorrect used of portid

Mixer controls have the channel id in mixer->reg, which is not same as port id. port id should be derived from chan_info array. So fix this. Without this, its possible that we could corrupt struct wcd938x_sdw_priv by accessing port_map array out of range with channel id instead of port id.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe8ba1e05bdc016700c85fad559a812c2e795442f < aa7152f9f117b3e66b3c0d4158ca4c6d46ab229faffected
LinuxLinuxe8ba1e05bdc016700c85fad559a812c2e795442f < 9167f2712dc8c24964840a4d1e2ebf130e846b95affected
LinuxLinuxe8ba1e05bdc016700c85fad559a812c2e795442f < c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.22 <= 5.15.*unaffected
LinuxLinux5.16.8 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References