CVE - CVE-2022-49551

CVE-ID
CVE-2022-49551	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1 (...) isp1760_register from isp1760_plat_probe+0x1d8/0x220 (...) This happens because the loop reading the regmap fields for the different ISP1760 variants look like this: for (i = 0; i < HC_FIELD_MAX; i++) { ... } Meaning it expects the arrays to be at least HC_FIELD_MAX - 1 long. However the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[], isp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are dynamically sized during compilation. Fix this by putting an empty assignment to the [HC_FIELD_MAX] and [DC_FIELD_MAX] array member at the end of each array. This will make the array one member longer than it needs to be, but avoids the risk of overwriting whatever is inside [HC_FIELD_MAX - 1] and is simple and intuitive to read. Also add comments explaining what is going on.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/26ae2c942b5702f2e43d36b2a4389cfb7d616b6a URL:https://git.kernel.org/stable/c/26ae2c942b5702f2e43d36b2a4389cfb7d616b6a MISC:https://git.kernel.org/stable/c/463bddd3ff1acf4036ddb80c34a715eb99debf46 URL:https://git.kernel.org/stable/c/463bddd3ff1acf4036ddb80c34a715eb99debf46 MISC:https://git.kernel.org/stable/c/47d39cb57e8669e507d17d9e0d067d2b3e3a87ae URL:https://git.kernel.org/stable/c/47d39cb57e8669e507d17d9e0d067d2b3e3a87ae MISC:https://git.kernel.org/stable/c/bf2558bbdce3ab1d6bcba09f354914e4515d0a2b URL:https://git.kernel.org/stable/c/bf2558bbdce3ab1d6bcba09f354914e4515d0a2b
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)