CVE-2022-49186
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: clk: visconti: prevent array overflow in visconti_clk_register_gates() This code was using -1 to represent that there was no reset function. Unfortunately, the -1 was stored in u8 so the if (clks[i].rs_id >= 0) condition was always true. This lead to an out of bounds access in visconti_clk_register_gates().
Security Summary
CVE-2022-49186 is a vulnerability in the Linux kernel's visconti clock driver, specifically an array overflow in the visconti_clk_register_gates() function. The issue arises because the code used -1 to indicate no reset function, but this value was stored in a u8 type, causing the condition if (clks[i].rs_id >= 0) to always evaluate as true. This results in an out-of-bounds access. The vulnerability is classified under CWE-129 (Improper Validation of Array Index) with a CVSS v3.1 base score of 7.8.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation leads to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged security scope, potentially allowing arbitrary code execution, data corruption, or system crashes through the out-of-bounds memory access.
Mitigation involves applying the relevant Linux kernel patches, as detailed in the commit at https://git.kernel.org/stable/c/2723543c1d60278d5aef1c4ad732dbad24b84a81 and https://git.kernel.org/stable/c/c5601e0720ce1a3ad895f94a5838530edde01ed3, which resolve the improper handling of the reset ID value to prevent the array overflow.
Details
- CWE(s)