Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix incorrect used of portid Mixer controls have the channel id in mixer->reg, which is not same as port id. port id should be derived from chan_info array. So fix this. Without this, its possible that we could corrupt struct wcd938x_sdw_priv by accessing port_map array out of range with channel id instead of port id.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.14, < 5.15.22 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/9167f2712dc8c24964840a4d1e2ebf130e846b95Patch
- https://git.kernel.org/stable/c/aa7152f9f117b3e66b3c0d4158ca4c6d46ab229fPatch
- https://git.kernel.org/stable/c/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7Patch
- https://git.kernel.org/stable/c/9167f2712dc8c24964840a4d1e2ebf130e846b95Patch
- https://git.kernel.org/stable/c/aa7152f9f117b3e66b3c0d4158ca4c6d46ab229fPatch
- https://git.kernel.org/stable/c/c5c1546a654f613e291a7c5d6f3660fc1eb6d0c7Patch
FAQ
What is CVE-2022-48716?
CVE-2022-48716 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix incorrect used of portid Mixer controls have the channel id in mixer->reg, which is not same as port id...
How severe is CVE-2022-48716?
CVE-2022-48716 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-48716?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.