CVE-2022-49163

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: fix a bug of accessing array out of bounds

When error occurs in parsing jpeg, the slot isn't acquired yet, it may be the default value MXC_MAX_SLOTS. If the driver access the slot using the incorrect slot number, it will access array out of bounds. The result is the driver will change num_domains, which follows slot_data in struct mxc_jpeg_dev. Then the driver won't detach the pm domain at rmmod, which will lead to kernel panic when trying to insmod again.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2db16c6ed72ce644d5639b3ed15e5817442db4ba < 02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747affected
LinuxLinux2db16c6ed72ce644d5639b3ed15e5817442db4ba < 20c8b90430c5d6c4a3936eaa7c35aac670581487affected
LinuxLinux2db16c6ed72ce644d5639b3ed15e5817442db4ba < e209e6db2e527db6a93b14c2deedf969caca78fcaffected
LinuxLinux2db16c6ed72ce644d5639b3ed15e5817442db4ba < 97558d170a1236280407e8d29a7d095d2c2ed554affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.33 <= 5.15.*unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

References