"value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: health: afe4404: Fix oob read in afe4404_[read|write]_raw\n\nKASAN report out-of-bounds read as follows:\n\nBUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380\nRead of size 4 at addr ffffffffc00e4658 by task cat/278\n\nCall Trace:\n afe4404_read_raw\n iio_read_channel_info\n dev_attr_show\n\nThe buggy address belongs to the variable:\n afe4404_channel_leds+0x18/0xffffffffffffe9c0\n\nThis issue can be reproduce by singe command:\n\n $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw\n\nThe array size of afe4404_channel_leds and afe4404_channel_offdacs\nare less than channels, so access with chan->address cause OOB read\nin afe4404_[read|write]_raw. Fix it by moving access before use them."
"value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: health: afe4404: Se corrige la lectura oob en el informe de KASAN afe4404_[read|write]_raw de la siguiente manera: ERROR: KASAN: global-out-of-bounds en afe4404_read_raw+0x2ce/0x380 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffffffc00e4658 por la tarea cat/278 Rastreo de llamadas: afe4404_read_raw iio_read_channel_info dev_attr_show La direcci\u00f3n con errores pertenece a la variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 Este problema se puede reproducir con un solo comando: $ cat /sys/bus/i2c/devices/0-0058/iio\\:device0/in_intensity6_raw El tama\u00f1o de la matriz de afe4404_channel_leds y afe4404_channel_offdacs son menores que los canales, por lo que el acceso con chan->address provoca una lectura OOB en afe4404_[read|write]_raw. Solucione este problema moviendo el acceso antes de usarlos."
